This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Introduction Badly handled file uploads can lead to Remote Code Execution (RCE) if an attacker manages to upload and execute a shell. Will…
Intro OWASP top 10 Injection Broken Authentication Sensitive Data Exposure XML External Entity Broken Access Control Security Misconfiguration Cross-site Scripting Insecure Deserialization Components with Known Vulnerabilities Insufficient Logging & Monitoring [Severity 1] Injection Flaws occur because user-controlled input is interpreted as actual commands or parameters by the application. Injection attacks depend on what technologies are being used and how exactly the input is interpreted by these technologies. Common…
Intro Burp Suite is a framework of web appliccation pentesting tool. It is used to perform web app testing. To install burp suite follow this guide. https://portswigger.net/burp/documentation/desktop/getting-started Overview of Features Proxy – What allows us to funnel traffic through Burp Suite for further analysis Target – How we set the scope of our project. We can also use this to effectively create a site map of the application we are testing. Intruder – Incredibly powerful tool…
How Do We Load Websites? Finding the server A DNS request is made initially. DNS is like a giant phone book that takes a URL and turns it into an IP. You dont have to remember the IP of websites. The IP address uniquely identifies each internet connected devices, like a web servere or your computer. They are formed of 4 groups of number, each 0-255 (x.x.x.x) and called an octect. Loading some content Once the browser knows the servers IP, it…
How websites work When you visit a website, your browser makes a request to a web server asking for information about the page you’re visiting and will respond with data that your browser uses to show you the page; a web server is just a dedicated computer that handles your requests. There are two major components that make up a website: Front End (Client-side)…
Understanding MySQL What is MySQL? In its simplest definition, MySQL is a relational database management system (RDBMS) based on Structured Query Language (SQL). Database: A database is simply a persistent, organized collection of structured data. RDBMS: A software or service used to create and manage databases based on a relational model. The word “relational” just menas that the data stored…
Understanding SMTP What is SMTP? SMTP stands for simple mail transfer protocol. It is utilized to handle the sending of emails. In order to support email services, a protocol pair is required, comprising of SMTP and POP/IMAP. Together they allow the user to send outgoing mail and retrieving incoming mail, respectively. The SMTP server performs three basic functions: It verifies who is sending…
Understanding NFS What is NFS? NFS stands for Network File System and allows a system to share directories and files with others over a network. By using NFS, users and programs can access files on remote systems almost as if they were local files. It does this by mounting all, or portion of a file system on a server. …
Understanding telnet What is telnet? Telnet is an application protocol which allows you, with the use of telnet client, to connect to and execute commands on a remote machine that’s hosting a telnet server. The telnet client will establish a connection with the server. The client will then become a virtual terminal – allow you to interact with the…
Understanding FTP What is FTP? File transfer protocol is a protocol used to allow remote transfer of files over a network. It uses a client-server model to do this. It relays command and data in a very efficient way. How does FTP work? A typical FTP session operates using two channels: A command channel A data channel The command channel is used for transmitting commands as well as replies to those commands, while the data channel is used for transferring data. FTP operates using a client-server protocol. The client initiates a connection…
Understanding SMB SMB – Server Message Block Protocol – is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network. Servers make file systems and other resources available to clients on the network. Client computers may have their own hard disks, but they also want access to the shared file systems and printers on the servers. The SMB protocol is known as a response-request protocol, meaning that it transmits multiple messages between the client…
Introduction When a computer runs a network service, it opens a networking construct called a “port” to receive the connection. Ports are necessary for making multiple requests or having multiple services available. For example, when you load several webpages at once in a web browser, the program must have some way of determining which tab is loading which web…
Forewords In this blog series I will write down my notes from the courses I take from TryHackMe. This series is from the Complete beginner course where I will go through Network security, Web App security, different tools I use etc. I recommend anyone wanting to learn pentesting or defensive security to subscribe to TryHackMe….
