nquangit

Virtual hosts search:
https://pentest-tools.com/information-gathering/find-virtual-hosts

Descobertas de virtual hosts
https://github.com/jobertabma/virtual-host-discovery

bruteforce virtual hosts:
https://github.com/gwen001/vhost-brute

Cloudflare WAF bypass tool 1:

nquangit

Google dork cheatsheet

Search filters

Filter	Description	Example
allintext	Searches for occurrences of all the keywords given.	allintext:"keyword"
intext	Searches for the occurrences of keywords all at once or one at a time.	intext:"keyword"
inurl	Searches for a URL matching one of the keywords.	inurl:"keyword"
allinurl	Searches for a URL matching all the keywords in the query.	allinurl:"keyword"
intitle	Searches for occurrences of keywords in title all or one.	intitle:"keyword"

nquangit

CACHE_INFO: 127.0.0.1
CF_CONNECTING_IP: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
CLIENT_IP: 127.0.0.1
Client-IP: 127.0.0.1
COMING_FROM: 127.0.0.1
CONNECT_VIA_IP: 127.0.0.1
FORWARD_FOR: 127.0.0.1
FORWARD-FOR: 127.0.0.1
FORWARDED_FOR_IP: 127.0.0.1

nquangit

#!/bin/sh
test $(id -u) -eq 0 || { echo "Please call this script with sudo" >&2; exit 1; }
vmware-hgfsclient | while read folder; do
  vmwpath="/mnt/hgfs/${folder}"
  echo "[i] Mounting ${folder}   (${vmwpath})"
  mkdir -p "${vmwpath}"
  umount -f "${vmwpath}" 2>/dev/null
  vmhgfs-fuse -o allow_other -o auto_unmount ".host:/${folder}" "${vmwpath}"
done
sleep 2s

nquangit

# -*- mode: ruby -*-
# vi: set ft=ruby :

# Provision script for Windows 10
$script = <<-SCRIPT
# Ensure the script is running with elevated permissions
if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Host "Run this script as Administrator!" -ForegroundColor Red
    exit
}

nquangit

What is the SSH?

SSH stands for Secure Shell. The term "SSH" can refer to both the SSH protocol and the software tools that enable system administrators and users to establish secure connections to remote computers using this protocol.

The SSH protocol is an encrypted protocol designed to provide a secure connection over an insecure network, such as the internet. In Linux, SSH is based on a portable version of the OpenSSH project. It follows a classic client-server model, with an SSH server accepting connections from SSH clients. The client connects to the server and displays the session to the remote user, while the server accepts the connection and executes the session.

The need of securing SSH

By default, an SSH server listens for incoming connections on Transmission Control Protocol (TCP) port 22. Since this is a well-known standardized port, it is often targeted by threat actors and malicious bots.

nquangit

React Learning notes

---

1. React

1.1. Introduction

• A frontend JavaScript framework, a JavaScript library for building UI (user interfaces) created by Facebook.
• Used to build SPA (single-page applications) - a web app that loads only a single web document, and then updates the body content of that single document via JavaScript APIs such as Fetch when different content is to be shown.

nquangit

# Ref: https://www.kapilarya.com/your-it-administrator-has-limited-access-to-some-areas-of-this-app

reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies" /f
reg delete "HKLM\Software\Microsoft\WindowsSelfHost" /f
reg delete "HKLM\Software\Policies" /f
reg delete "HKLM\Software\WOW6432Node\Microsoft\Policies" /f
reg delete "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies" /f
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" /f
reg delete "HKCU\Software\Microsoft\WindowsSelfHost" /f

nquangit

http://vulnweb.com/

http://testhtml5.vulnweb.com - nginx, Python, Flask, CouchDB
http://testphp.vulnweb.com - Apache, PHP, MySQL
http://testasp.vulnweb.com - IIS, ASP, Microsoft SQL Server
http://testaspnet.vulnweb.com - IIS, ASP.NET, Microsoft SQL Server