Protected: OSCP Prep

Last Updated on January 25, 2022 by aghanim Table Of ContentsHow Do We Load Websites?  More HTTPS – Verbs and request formats Cookies  How Do We Load Websites?   Finding the server  A DNS request is made initially. DNS is like a giant phone book that takes a URL and turns it into an IP. You dont have to remember the IP of websites.   The IP address uniquely identifies each internet connected devices, like a web servere or your computer. They are formed of 4 groups of number,…

Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding SMTP Enumerating SMTP Exploiting SMTP  Understanding SMTP  What is SMTP?  SMTP stands for simple mail transfer protocol. It is utilized to handle the sending of emails. In order to support email services, a protocol pair is required, comprising of SMTP and POP/IMAP. Together they allow the user to send outgoing mail and…

Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsIntroductionWhat is File inclusion?Why do File inclusion vulnerabilities happen?What is the risk of File inclusion?Path TraversalPath traversalWhat function causes path…

Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsBriefOSINT – SSL/TLS CertificatesSSL/TLS CertificatesOSINT – Search EngineSearch EnginesDNS BruteforceOSINT – Sublist3rAutomation Using Sublist3rVirtual Hosts Brief Subdomain enumeration is the…

Last Updated on October 3, 2024 by aghanim This is a list of Command and control (C2) servers that I’ve tested. Table Of ContentsCobalt StrikeCovenantInstallation and setupLisenersGruntsPowershell-Empire with StarkillerPoshC2GodGenesisMetasploitSliverLinks and tutorialInstallSliver and MetasploitBeacon vs sessionGenerating HTTP(S) Implants with certificateExtensions (Armory)CheatsheetExample getting beacon with msfBypassing defender with staged process hollowingHavoc C2InstallInstall the dependenciesUbuntu 20.04 / 22.04Kali…

Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsWhat is Command Injection?Discovering Command InjectionExploiting Command InjectionDetecting Blind Command InjectionLinux WindowsRemediating Command InjectionVulnerable FunctionsInput sanitisationBypassing FiltersPractical: Command InjectionWhat user is…