Hacker - The Mystery

 

In this article, I want to tell you about the most mysterious creature in cyber community #Hacker”. 

Nearly all hackers are techno hungry. Hackers are mostly self-educated (Respect them ! I know they are researching a lot, some times till morning).

As I researched, common things all the Hackers do is computer electronics, programming, they love hardware, philosophy, psychology, maths, etc…

Clothing styles : Casual or post-hippie. T-shirts, jeans, running shoes, or bare feet. Long hair, beards, and moustaches are common.  Hackers dress for comfort and minimal maintenance hassles rather than for appearance, that’s why Hackers mostly wears black more.

Attitude :  How you "solve" it. Understands learns and explores the open frontier of freedom of information.

Food : Hackers prefer the exotic. Ethnic. Spicy. Oriental, esp. Chinese and most esp. Szechuan. For those all-night hacks, pizza and microwaved burritos, beers or coffee.

Hobbies : Hobbies are going with culture, Music, Sci-fi Movies, Mind games, War games, Photography, Playing with Hardware,  Python programming. They love to play  music instruments. Meditation is also in plate.

Personality : Hackers are generally only very weakly motivated by conventional rewards such as social approval or money. They tend to be attracted by challenges and excited by interesting toys, and to judge the interest of work or other activities in terms of the challenges offered and the toys they get to play with.

Physical Activity and Sports : Many (perhaps even most) hackers don't follow or do sports at all and are determinedly anti-physical. Hacker sports are almost always primarily self-competitive ones involving concentration and stamina. The popularity of martial arts in the hacker culture deserves special mention.

References:

Luka

Read More

A Fond Farewell to "Softweb Solutions"

Hello everyone, I’m not sure how I to start this post. It’s been one amazing ride at "Softweb Solutions". I am writing about my journey as a team member of an amazing company with an even more amazing team!

An unbelievable opportunity

It all started when I left my previous job and was thinking of moving outside Gujarat. I got a notification on Linkedin, I gave interview and got selected. I was excited to work on Product Security but little did I know that it would become one of the most fulfilling adventures of my life.

In my time at Softweb Solutions, I had lots of opportunities to perform security testing for applications for variety of clients across industry verticals and I did use them to find some amazing vulnerabilities.

As we moved forward, we started working with more and more challenges.

I learnt a lot in the next few months as I realized that the more deeper I got into understanding about IoT Security, the more new things I am learning.

Internal Hackathons have not only helped the team think of edge cases and create out of the box attack scenarios but also helped build team spirit and get better at collaboration.

Internal Hackathon

Working with Sanjay Sir has taught me the most important parts of my work, but working with him allowed me to focus on the thought process and figure out the most simple solutions to the problem.

Nirmal Sir's photography skill is what you should be adoring. He taught me how to get any work done, the why’s, the what’s and the how’s.

I will definitely miss Gagandeep's jokes,  technical discussion with Shekhar, Paras, Niki and Krunal.

Debate with Pandeyji.

The people, the culture, the learning, the fun and the ever constant push to do more than you are capable of. I will always be thankful for the opportunity given to me.

Diwali Celebration 2019

 Things I learnt at "Softweb Solutions" :

• Set your dream goals and work towards them
• Communication is the key to everything
• It’s okay to fail and learn from failures

 I will always be thankful for the opportunity given to me.

What is next for me...

I’m moving on to a different place, to get a taste of a different culture and to try something new and hopefully as exciting as my time here.

Handing over of responsibilities, access and data, it could not have been smoother.

Read More

Hunting with Bash ~ Basic

I started learning "Bash" recently. And want to share useful information and resources with you guys.

I tried my best to assemble and write blog in laymen language.

Hope you like it :)

Shell Scripting 

A shell is a command-line interpreter and typical operations performed by shell scripts include file manipulation, program execution, and printing text.

There are two major types of shells

• Bourne shell : If you are using a Bourne-type shell, the $ character is the default prompt.

• C shell : If you are using a C-type shell, the % character is the default prompt.

The Bourne Shell has the following subcategories 

• Bourne shell (sh)
• Korn shell (ksh)
• Bourne Again shell (bash)
• POSIX shell (sh)

The different C-type shells follow 

• C shell (csh)
• TENEX/TOPS C shell (tcsh)

Usefulness of shell scripting

• To automate the frequently performed operations
• To run sequence of commands as a single command
• Easy to use
• Portable (It can be executed in any Unix-like operating systems without any modifications)

First Program ~ Hello World

#!/bin/bash
echo "Hello World"

*Save as .sh
*chmod +x filename.sh

Majorly Used Commands

• cat file  Show entire contents of file.
• head file Show the first 10 lines
• tail file Show the last 10 lines
• tail -f file Useful when viewing the output of a log file
• sort : sort the lines
• uniq : Remove duplicate lines from stdin
• grep : search for patterns in files
• SED : text stream editor. Can do insertion, deletion, search and replace
• find : search for files in a directory hierarchy in real time
• cut : command is a fast way to extract parts of lines of text files
• pipeline : A pipeline is a sequence of simple commands separated by one of the control operators | or |&
• Grep : searches the given files for lines containing a match to a given pattern list
• sort : command to order data in file(s) in a sequence
• xargs : can be used to build and execute commands from standard input
• tee : command basically reads from the standard input and writes to standard output and files

We could use external services

• hackertarget.com
• crt.sh
• certspotter.com
• threatcrowd.org

Variable 

      Example

echo "Enter your name:"
read var //Variable
echo "your name is :"$var

Conditions

if command; then
do this
fi

     Example

if host example.com; then
echo "Success"
fi

if else Condition

if command; then
do this
else
do this
fi

     Example

if host example.com; then
echo "Success"
else
echo "Failed"
fi

Loops

while command
do this
done

     Example

echo "Enter the domain name"
read domain

while read var; do
    if host "$var.$domain"; then
        echo "$var.$domain"
    fi
done < demo.txt

* demo.txt is domain wordlist

host command : is used for DNS (Domain Name System) lookup operations.

syntax : host example.com

dig command : is a powerful command-line tool for querying DNS name servers.

syntax : dig example.com

One Liner

• curl -s https://www.threatcrowd.org/searchApi/v2/domain/report/?domain=deliveroo.com | jq -r '.subdomains | .[]' | sort -u

* jq is lightweight and flexible command-line JSON processor.

* | pipe is used connects their input and output

• curl -s "http://web.archive.org/cdx/search/cdx?url=*.hackerone.com/*&output=text&fl=original&collapse=urlkey" |sort| sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | sort -u

• cat all.txt | httprove -s -p https:8443

• host -t CNAME subdomain.example.com

Reference :

• Coding for Penetration Testers
• Penetration Testing with the Bash Shell
• https://opensource.com/article/18/5/bash-tricks
• https://wiki.bash-hackers.org/

Thanks Vivek Sinha for proof reading. :)

Read More

My approach to Recon

From a long time I wanted to write a blog on "Recon", every time in community meet-ups or my friends were asking about "How to do Recon".

So, I decided to write this blog and tried to include such tools and services which helps me a lot while hunting.

Reconnaissance is the act of gathering preliminary data or intelligence on your target. The data is gathered in order to better plan for your attack. Reconnaissance can be performed actively or passively.

Why Recon ?

•     Info to increase attack surface
•     Sensitive information
•     Infrastructure details

Before starting I recommend to install "Swiftness" it helps a lot in target tracking and Notes keeping.

In this post I’ll provide the results of a simple and straightforward evaluation of the following sub-domain enumeration tools:

I start my recon process by using the Subfinder.

• Subfinder (https://github.com/ice3man543/subfinder)
• Knock (https://github.com/guelfoweb/knock)
• Sudomy (https://github.com/Screetsec/Sudomy)
• Lazy Recon (https://github.com/nahamsec/lazyrecon)
• Findomain (https://github.com/Edu4rdSHL/findomain)
• Amass (https://github.com/caffix/amass)
• Shodan (https://github.com/incogbyte/shosubgo)

For Visual Recon I mostly use:

• EyeWitness (https://github.com/FortyNorthSecurity/EyeWitness)
• Webscreenshot (https://github.com/maaaaz/webscreenshot)
• Aquatone (https://github.com/michenriksen/aquatone)

More assets ~ Great Extend

• https://github.com/0xbharath/censys-enumeration
• https://github.com/tomnomnom/assetfinder
• https://github.com/MilindPurswani/Syborg
• https://github.com/0xbharath/assets-from-spf/

Check for wayback URL's

• Waybackurls (https://github.com/tomnomnom/waybackurls)
• https://gist.github.com/mhmdiaa/2742c5e147d49a804b408bfed3d32d07
• http://ptrarchive.com/
• ReconCat (https://github.com/daudmalik06/ReconCat)

Domains from CSP

• Domain from CSP (https://github.com/0xbharath/domains-from-csp)

Virtual Host Discovery

• Virtual Host Discovery (https://github.com/jobertabma/virtual-host-discovery)
• https://pentest-tools.com/information-gathering/find-virtual-hosts

JS is 💛

• Meg (https://github.com/tomnomnom/meg)
• JSParser (https://github.com/nahamsec/JSParser)
• Link Finder (https://github.com/GerbenJavado/LinkFinder)
• SubJS (https://github.com/lc/subjs)
• GetJS (https://github.com/003random/getJS)
• https://javascriptbeautifier.com/

Github For Recon

• TruffleHog (https://github.com/dxa4481/truffleHog)
• Gitrob (https://github.com/michenriksen/gitrob)
• Github Cloner (https://github.com/mazen160/GithubCloner)
• Shhgit (https://github.com/eth0izzle/shhgit)
• Git all Secrets (https://github.com/anshumanbh/git-all-secrets)

For Manual Analysis, please check

•     API and key. (Get some more endpoints and find API keys.)
•     token
•     secret
•     TODO
•     password
•     http:// & https://
•     comments

Leaked Buckets

• S3Scanner (https://github.com/sa7mon/S3Scanner)
• Lazys3 (https://github.com/nahamsec/lazys3)
• Spaces Finder (https://github.com/appsecco/spaces-finder)
• CloudFlare Enumeration (https://github.com/mandatoryprogrammer/cloudflare_enum)

Certificate Transparency
 

• https://certdb.com/
• https://crt.sh/?q=%25target.com
• https://developers.facebook.com/tools/ct/search/
• https://transparencyreport.google.com/https/certificates?hl=en
• https://searchdns.netcraft.com/

Blog : https://blog.appsecco.com/certificate-transparency-part-3-the-dark-side-9d401809b025

Online Scarping

• https://virustotal.com/
• https://www.shodan.io/
• https://censys.io
• http://dnsgoodies.com
• https://viewdns.info/
• https://dnsdumpster.com/
• https://www.threatcrowd.org/searchApi/v2/domain/report/?domain=xyz.com
• https://api.hackertarget.com/hostsearch/?q=xyz.com

Add-ons

• Retire.js: Outdated libraries
• Wappalyzer: Uncovers the technologies used on websites.

Best of luck for Hunting.
 
If you have questions about the post you want to ask me, Please contact me via twitter/fb.

Feed backs and edits are welcome.

Read More