note - kdaisho/Blog GitHub Wiki

how to copy to clipboard from vim

  • select text (V selection)
  • "+y

youtube.com/watch?v=dJjQoxwyNCc

  1. proxychains configuration file: /etc/proxychains4.conf
sudo service tor start
sudo service tor status
proxychains firefox
  1. use tor with a proxy for all:
export ALL_PROXY=socks5://127.0.0.1:9050

To check if I'm using tor:

Make sure to start it first.

sudo service tor start

Then

curl https://ifconfig.me

or

curl --proxy socks5h://127.0.0.1:9050 https://check.torproject.org

or even access my web app. (A server block file has been configured to read real IPs: How to configure Nginx to read real IP address from who request)

curl --proxy socks5h://127.0.0.1:9050 https://brailler.daishodesign.com

From within the server, you can read the access log and you'll see a completely randomized IP instead of your real one.

sudo tail -f /var/log/nginx/access.log
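
A server-side way to confirm the same thing, added here as an example and not part of the original notes: count the access-log requests whose client IP appears on a list of Tor exit addresses. The IPs, log lines and function names are constructed; it assumes nginx's default combined log format (client address in the first field) and an exit list with one address per line, such as the one published at https://check.torproject.org/torbulkexitlist.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes). All IPs are constructed
# values from the RFC 5737 documentation ranges.

# Constructed stand-in for a Tor exit list: one address per line.
sample_exit_list() {
  cat <<'EOF'
# constructed sample
198.51.100.7
203.0.113.42
EOF
}

# Constructed nginx access log lines in the default "combined" format.
sample_access_log() {
  cat <<'EOF'
203.0.113.42 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5123 "-" "curl/8.5.0"
192.0.2.10 - - [10/Mar/2024:12:00:05 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:12:01:12 +0000] "GET /login HTTP/1.1" 200 812 "-" "curl/8.5.0"
203.0.113.42 - - [10/Mar/2024:12:02:30 +0000] "GET / HTTP/1.1" 200 5123 "-" "curl/8.5.0"
EOF
}

# tor_hits EXIT_LIST ACCESS_LOG
# Prints "<requests> <ip>" for every client IP that is on the exit list,
# busiest first. Comment and blank lines in the list are ignored, and an
# empty or missing list yields no output.
tor_hits() {
  awk -v exits_file="$1" '
    BEGIN {
      while ((getline line < exits_file) > 0)
        if (line ~ /^[0-9a-fA-F.:]+$/) exits[line] = 1
    }
    ($1 in exits) { hits[$1]++ }   # $1 is the client address
    END { for (ip in hits) print hits[ip], ip }
  ' "$2" | sort -k1,1nr -k2,2
}

demo() {
  local tmp
  tmp=$(mktemp -d)
  sample_exit_list > "$tmp/exits"
  sample_access_log > "$tmp/access.log"
  tor_hits "$tmp/exits" "$tmp/access.log"
  rm -rf "$tmp"
}

demo
```

On a real server, save the exit list to a file and pass it together with /var/log/nginx/access.log as the two arguments to tor_hits.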

Web application ethical hacking

https://www.youtube.com/watch?v=X4eRbHgRawI&list=PLdgqgrnMB9RYYYW8bG4HRJQ4ujbURQq-U

  1. running juice-shop locally

docs: https://owasp.org/www-project-juice-shop/
repo: https://github.com/juice-shop/juice-shop

There are some peer dependency issues, so make sure to install everything you need by adding the flag:

pnpm install --shamefully-hoist

  1. Sublist3r
  • install sublist3r from github
  • run
python sublist3r.py -d irobot.com
# or
# python sublist3r.py -d greyzonewellness.com
  1. crt.sh enter: %.greyzonewellness.com

  2. Burpsuite (37:25~)

  3. Securityheaders.com (https://securityheaders.com/)

  4. Wappalyzer (firefox extension)

  5. weleakinfo.com (not available anymore)

  6. shodan https://www.shodan.io/

  7. hunter.io https://hunter.io

OWASP ZAP https://www.youtube.com/watch?v=QJ5u_dHwoAk&t=336s

  1. SQL injection
' OR 1=1; --

Trying to run ZAP on tor

proxychains /opt/zaproxy/zap.sh