Posts

Showing posts from 2021

Rabbit Virus

Image
A fork bomb (also called rabbit virus or wabbit) is a denial-of-service attack wherein a process continually replicates itself to deplete available system resources, slowing down or crashing the system due to resource starvation . Understanding   the   above: :() # define ':' -- whenever we say ':', do this: { # beginning of what to do when we say ':' : # load another copy of the ':' function into memory... | # ...and pipe its output to... : # ...another copy of ':' function, which has to be loaded into memory # (therefore, ':|:' simply gets two copies of ':' loaded whenever ':' is called) & # disown the functions -- if the first ':' is killed, # all of the functions that it has started should NOT be auto-killed } # end of what to do when we say ':' ; # Having defined ':', we should now... : # ...call ':'

Msfvenom

Image
 Creating payload using msfvenom on Kali Linux  Creation of payload is Successful Starting the Apache services to facilitate listening for the incoming connection, which will be created by the payload. Using Metasploit handler to grab incoming connection. Setting handler payload type. Setting the host IP address that the payload will try to connect to. Setting the host port number that the payload will try to connect on. Starting the handler to await any connection attempts from our crafted payload. It will keep listening until a connection is established Target machine POV; By default our crafted payload that we name game will look like this. We can also change its icon make it look more friendly. Once target execute the payload, our Metasploit handler will grab it and complete the connection. And a Meterpreter session will open. Now you can safely say: "We're In ;)"

Methodology [ nmap & Hydra ]

Image
Live Hosts getting  target IP Address scanning  all TCP ports more enumeration  on unknown ports & FTP brute force with hydra FTP logging on FTP with acquired  pass downloading FLAG MD5 & SHA sums for FLAG

Methodology [ nmap & Metasploit ]

Image
  Find Machine find Machine & OS discovery script Vulnerability  Scan exploiting using   vulnerability  scan results (ms17-010) Post Exploitation Enable RDP get hashed login passwords

Hashing vs Encryption

Image
What is Hashing? Hashing is the process of changing a plain text or a key to a hashed value by applying a hash function. Usually, the input length is greater in size than the output hash value. Hashing is a one-way encryption process such that a hash value cannot be reverse engineered to get to the original plain text. Hashing is used in encryption to secure the information shared between two parties. The passwords are transformed into hash values so that even if a security breach occurs, PINs stay protected. We have already shared information about Hashing Parameters which you can read. How Does Hashing Work? Two different keys can produce identical hash value which results in a collision. For hashing to work efficiently, you should modify the hashing algorithm so that there are minimum chances of collision. The hashing algorithms then produce different hash values for alternate keys. Some key characteristics of hashing include: One input string should have one specific hash value Has

HMAC Algorithm

Image
  HMAC Algorithm in Computer Network HMAC algorithm   stands for Hashed or Hash based   Message Authentication Code . It is a result of work done on developing a MAC derived from cryptographic hash functions. HMAC is a great resistant towards cryptanalysis attacks as it uses the Hashing concept twice. HMAC consists of twin benefits of Hashing and MAC, and thus is more secure than any other authentication codes. RFC 2104 has issued HMAC, and HMAC has been made compulsory to implement in IP security. The FIPS 198 NIST standard has also issued HMAC. The Hash Function, HMAC is also aimed to be one way, i.e.  easy to generate output from input but complex the other way round. It aims at being less effected by collisions than the hash functions. HMAC reuses the algorithms like MD5 and SHA-1 and checks to replace the embedded hash functions with more secure hash functions, in case found. HMAC tries to handle the Keys in more simple manner. HMAC algorithm – The working of HMAC starts with taki

Hash functions

Image
The meaning of the verb “to hash” – to chop or scramble something – provides a clue as to what hash functions do to data. That’s right, they “ scramble ” data and convert it into a numerical value. And no matter how long the input is,   the output value is always of the same length . Hash functions are also referred to as hashing algorithms or message digest functions. They are used across many areas of computer science, for example: To encrypt communication between web servers and browsers, and generate session IDs for internet applications and data caching To protect sensitive data such as passwords, web analytics, and payment details To add digital signatures to emails To locate identical or similar data sets via lookup functions  Definition A  hash function  converts strings of different length into fixed-length strings known as hash values or digests. You can use hashing to scramble passwords into strings of authorized characters for example. The output values cannot be inverted t