install sudo apt update -y && sudo apt upgrade -y sudo apt install yara usage yara myfirstrule.yar somefile write rules https://yara.readthedocs.io/en/stable/writingrules.html http...
BurpSuite Lab
sql injection cheat sheet https://portswigger.net/web-security/sql-injection/cheat-sheet '+OR+1=1-- '+UNION+SELECT+NULL,NULL-- -- find columns are compatible with string data '+UNION+SELECT+'abcd...
self reproducing code
How to write a quine self-reproducing code A quine is a program that takes no input and produces a copy of its own source code as its only output. original code is: Head is: malicious code + data of...
CEH small points
Insertion attack TTL field, some packets will end in IDS like tcp 3 packets [maliciou][xxx][s], IDS sees maliciouxxxs, backend sees malicious. PHF attack, “phf” in GET request. Unicode invas...
htb altered
Know it's a PHP Laravel application behind nginx. Brute force Laravel application pin try type juggling change content type to application/json application/x-www-form-urlencoded, body is na...
htb stacked
recon nmap nmap -p- --min-rate 10000 -oA scans/nmap-alltcp 10.10.11.112 nmap -p 22,80,2376 -sCV -oA scans/nmap-tcpscripts 10.10.11.112 22/tcp open ssh; 80/tcp open http; 2376/tcp open d...
Buffer overflow
Learn from Video understand stack MOST IMPORTANT !!! What happens when you call a procedure? https://www.youtube.com/watch?v=RU5vUIl1vRs Assembly Programming Assembly Function Stack Frame Ex...
Jr Penetration Test
Content Discovery Wappalyzer (https://www.wappalyzer.com/) The Wayback Machine (https://archive.org/web/) Automated Discovery https://github.com/danielmiessler/SecLists ffuf, “Fuzz Faster...
cryptography
secret key encryption tr 'a-z' 'A-Z' < test.txt to upper case Encryption Mode: Electronic Codebook (ECB), Cipher-Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB) ECB no IV,...
htb secret
nmap nmap -p- --min-rate 10000 -oA scans/nmap-alltcp 10.10.11.120 nmap -p 22,80,3000 -sCV -oA scans/nmap-tcpscripts 10.10.11.120 See 80, 3000 port run the same thing: maybe 80 is a reverse pro...