Random Notes

My notes from different sources.

Virtual Hosts

Three types:

  • Hostname based
  • IP based
  • Port based

Hostname based : Multiple (logical) websites share the same IP address, and the content served depends on the hostname the web client sends (the HTTP Host header). The constraint comes when configuring SSL/TLS for the sites: the server may not have a single wildcard certificate covering all the virtually hosted websites, and without knowing the hostname it cannot choose which certificate to present. The Server Name Indication (SNI) extension to SSL/TLS sends the hostname during the handshake, which solves the issue to some extent.

IP based : One server may have multiple network interfaces (one IP address per network interface). Each website points to a unique IP address, but all of those IPs belong to the same server.

Port based : Different websites hosted on one IP address but on different ports.

Source: https://en.wikipedia.org/wiki/Virtual_hosting
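As an added example (not from the original notes), this is the dispatch step a hostname-based virtual host does: read the Host header from the request head and map it to a site. The Host value is chosen by the client, so anything not explicitly configured falls through to a default site rather than to a guess; ports, case and trailing dots are normalized first. All hostnames and document roots are constructed.

```python
# Added example, not part of the original notes. Selects a hostname-based
# virtual host from the Host header of an HTTP/1.1 request head.
from typing import Dict, Optional

VHOSTS: Dict[str, str] = {          # hostname -> document root (constructed values)
    "www.example.test": "/srv/www",
    "blog.example.test": "/srv/blog",
}
DEFAULT_ROOT = "/srv/default"       # catch-all for unknown or missing Host


def host_header(request_head: bytes) -> Optional[str]:
    """Return the raw Host header value, or None if the request has none."""
    lines = request_head.decode("latin-1").split("\r\n")
    for line in lines[1:]:            # lines[0] is the request line
        if not line:
            break                     # the blank line ends the head
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip()
    return None


def normalize_hostname(host: str) -> str:
    """Drop an optional :port (IPv6 literals are bracketed), lower-case, strip trailing dot."""
    if host.startswith("[") and "]" in host:        # "[::1]:8080" -> "::1"
        return host[1:host.index("]")].lower()
    name = host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    return name.lower().rstrip(".")


def select_vhost(request_head: bytes, vhosts: Dict[str, str] = VHOSTS,
                 default: str = DEFAULT_ROOT) -> str:
    """Document root to serve for this request: a configured site or the default."""
    host = host_header(request_head)
    if host is None:
        return default                # HTTP/1.1 requires Host; HTTP/1.0 may omit it
    return vhosts.get(normalize_hostname(host), default)


if __name__ == "__main__":
    print(select_vhost(b"GET / HTTP/1.1\r\nHost: BLOG.example.test:8080\r\n\r\n"))
```

The same idea applies to the port-based variant, except that the key is the local port the connection arrived on rather than a header the client sent.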

Hosting temporary server to listen on ports

For HTTP connections:

Netcat : sudo nc -lvp 80

For SSL/TLS connections:

Ncat : sudo ncat -v --listen --ssl -p 443
Because no --ssl-cert is given, this command generates a temporary self-signed certificate (for localhost) on startup.

Create a self signed SSL certificate:

openssl req -x509 -newkey rsa:2048 -keyout test-key.pem -out test-cert.pem -days 365 -nodes

To host an SSL/TLS server with the self-signed certificate:

OpenSSL : sudo openssl s_server -key test-key.pem -cert test-cert.pem -accept 443 -www

On visiting the self hosted SSL server in a browser
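Added example (not from the original notes): the same openssl command generates a self-signed certificate, a small TLS listener serves it on localhost, and two clients connect. The first trusts only the system CA store, as a browser does, and rejects the certificate (that is what the browser warning is about); the second is told to trust that exact certificate file and connects fine. It assumes the openssl binary is on PATH; the port is ephemeral and the payload is constructed.

```python
# Added example, not part of the original notes. Requires the openssl binary.
import os
import socket
import ssl
import subprocess
import tempfile
import threading

PAYLOAD = b"hello from the self-signed server\n"   # constructed


def make_self_signed_cert(directory: str):
    """The note's openssl command, made non-interactive with -subj and given a SAN."""
    key = os.path.join(directory, "test-key.pem")
    cert = os.path.join(directory, "test-cert.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-keyout", key,
         "-out", cert, "-days", "365", "-nodes", "-subj", "/CN=localhost",
         "-addext", "subjectAltName=DNS:localhost"],
        check=True, capture_output=True,
    )
    return key, cert


def start_tls_server(key: str, cert: str, n_conns: int):
    """Serve n_conns connections on an ephemeral localhost port; return (port, thread)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    raw = socket.socket()
    raw.bind(("127.0.0.1", 0))
    raw.listen(n_conns)
    lsock = ctx.wrap_socket(raw, server_side=True)
    lsock.settimeout(10)
    port = lsock.getsockname()[1]

    def serve():
        with lsock:
            for _ in range(n_conns):
                try:
                    conn, _ = lsock.accept()     # the TLS handshake happens here
                    with conn:
                        conn.sendall(PAYLOAD)
                except OSError:
                    continue  # client rejected our certificate and hung up

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, thread


def fetch(port: int, cafile):
    """cafile=None means 'trust the system CA store', which is what a browser does."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection(("127.0.0.1", port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname="localhost") as tls:
            return tls.recv(1024)


def demo():
    """Returns (result with system trust store, payload with the cert pinned)."""
    with tempfile.TemporaryDirectory() as d:
        key, cert = make_self_signed_cert(d)
        port, thread = start_tls_server(key, cert, n_conns=2)
        try:
            fetch(port, cafile=None)
            untrusted = "accepted"
        except ssl.SSLCertVerificationError:
            untrusted = "rejected"          # self-signed: no chain to a trusted CA
        pinned = fetch(port, cafile=cert)   # trust this one certificate and nothing else
        thread.join(timeout=15)
        return untrusted, pinned


if __name__ == "__main__":
    print(demo())
```

Pointing a client at the certificate file (curl --cacert, requests' verify=...) is the command-line equivalent of clicking through the browser warning, except that it trusts only that one certificate rather than disabling verification.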

GPG

  • Generate GPG keys: gpg --full-generate-key
  • List all keys (public or private) : gpg --list-keys
  • List all keypairs (which has both public and private keys) : gpg --list-secret-keys
  • Import keys : gpg --import <key>
  • Get list of stored GPG keys using email: gpg --fingerprint <email>
  • Export GPG keypair : gpg --export-secret-keys <ID> > my-privatekey.asc
  • Delete GPG public key: gpg --delete-keys <ID>
  • Delete GPG private key: gpg --delete-secret-keys <ID>

Generating GPG keys non-interactive way: https://gist.github.com/woods/8970150

Generate entropy for GPG key creation on headless/terminal machines:

sudo apt-get install rng-tools
sudo rngd -r /dev/urandom

Note that rngd -r /dev/urandom feeds the kernel's own urandom output back into the entropy pool: it raises the entropy estimate that makes gpg block, but adds no genuinely new randomness. Where a hardware RNG exists, let rngd use that instead.

Syncthing

Syncthing is available as a snap package. If Syncthing is run as a plain binary, its config files are stored at ~/.config/syncthing, but if it is installed via snap they are stored at ~/snap/syncthing/common/syncthing.

KeePass

To add TOTP to KeePass, use the KeeOTP plugin. Copying the current TOTP code is as simple as Ctrl + T.

FoxyProxy

FoxyProxy profile for pentesters (can be used in both Firefox and Chrome): https://gist.github.com/liamosaur/a527d285b5394180c4bf3197dc7d8035

Git

  • To see all commits in a git repo along with the changes: git log -p
  • To see all changes made to a single file in git repo: git log -p filename

Misc

To set proxy (like BurpSuite) for command line programs in Linux, execute the following:

export http_proxy=http://127.0.0.1:8080
export https_proxy=http://127.0.0.1:8080

To remove them, use unset http_proxy and unset https_proxy.
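Added example (not from the original notes): what a command-line program actually does once http_proxy and https_proxy are set, seen from the proxy's side. A stub "proxy" on localhost records the request head of each connection, which shows that a plain-HTTP request arrives as a GET with an absolute URI and an HTTPS request arrives as a CONNECT tunnel request; that is exactly what an intercepting proxy such as Burp receives, and why https_proxy correctly uses an http:// URL. The host name example.invalid and the ephemeral port are constructed; the stub refuses the CONNECT instead of opening a tunnel.

```python
# Added example, not part of the original notes.
import os
import socket
import threading
import urllib.request


def start_stub_proxy(n_conns: int):
    """Accept n_conns connections on an ephemeral localhost port, record each
    request head and answer minimally. Returns (port, thread, records)."""
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(n_conns)
    lsock.settimeout(10)
    records = []

    def serve():
        with lsock:
            for _ in range(n_conns):
                conn, _ = lsock.accept()
                with conn:
                    conn.settimeout(10)
                    head = b""
                    while b"\r\n\r\n" not in head:      # read the whole request head
                        chunk = conn.recv(4096)
                        if not chunk:
                            break
                        head += chunk
                    records.append(head.decode("latin-1"))
                    if head.startswith(b"CONNECT"):
                        # A real proxy would open the tunnel here; the stub refuses.
                        conn.sendall(b"HTTP/1.1 502 Bad Gateway\r\nContent-Length: 0\r\n\r\n")
                    else:
                        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                                     b"Connection: close\r\n\r\nok")

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return lsock.getsockname()[1], thread, records


def requests_as_seen_by_proxy():
    port, thread, records = start_stub_proxy(n_conns=2)
    proxy = f"http://127.0.0.1:{port}"
    # Same effect as `export http_proxy=... https_proxy=...` in the shell,
    # limited to this process and its children.
    os.environ["http_proxy"] = proxy
    os.environ["https_proxy"] = proxy
    try:
        # ProxyHandler() with no argument reads the *_proxy environment variables.
        opener = urllib.request.build_opener(urllib.request.ProxyHandler())
        with opener.open("http://example.invalid/", timeout=10) as resp:
            body = resp.read()
        try:
            opener.open("https://example.invalid/", timeout=10)
        except OSError:
            pass  # the stub refused the CONNECT, so no TLS tunnel was opened
    finally:
        os.environ.pop("http_proxy", None)     # like `unset http_proxy`
        os.environ.pop("https_proxy", None)
    thread.join(timeout=15)
    return {"http_body": body,
            "request_lines": [r.split("\r\n")[0] for r in records]}


if __name__ == "__main__":
    print(requests_as_seen_by_proxy())
```

Hosts listed in no_proxy bypass the proxy, so check that variable when a tool's traffic does not show up in the intercepting proxy.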

Nmap

Find hosts using ARP scan : nmap -sP -PR 192.168.56.1/24 (-sP is the older name for -sn, host discovery without a port scan; -PR is ARP ping, which only works on the local network segment)

JWT

PyJWT

  • Installing: pip install pyjwt
  • Create JWT with None alg: pyjwt --alg=none --key=none encode user=test1 admin=false iat=1564989485 exp=1565075885
  • Create JWT with secret: pyjwt --key=secret encode user=test1 admin=false iat=1564989485 exp=1565075885
  • Check if a secret is valid: pyjwt --key=secret decode "json.web.token"

JWT Bruteforce

Bruteforce JWT tokens (using https://github.com/AresS31/jwtcat): python3 jwtcat.py -t "json.web.token" -w wordlist.txt
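Added example (not from the original notes, and not PyJWT's or jwtcat's code) covering both the PyJWT commands and the brute-force note above: a minimal HS256 JWT encoder plus a verifier written against the two weaknesses those notes touch on, "alg": "none" tokens and weak secrets that a wordlist attack can recover. The verifier accepts only algorithms from an explicit allow-list and checks the signature and exp; the encoder refuses HMAC keys shorter than the 256 bits RFC 7518 recommends for HS256, so a key like secret is rejected before a token is ever issued. The claims are the ones from the pyjwt commands; the key is a constructed demo value. It uses only the standard library.

```python
# Added example, not part of the original notes and not PyJWT's implementation.
import base64
import hashlib
import hmac
import json
from typing import Dict, Iterable

DEMO_KEY = b"constructed-demo-key-0123456789ab"   # 33 bytes, constructed for this example
MIN_HS256_KEY_BYTES = 32                           # RFC 7518: HS256 keys SHOULD be >= 256 bits


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: Dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def key_is_strong_enough(key: bytes) -> bool:
    return len(key) >= MIN_HS256_KEY_BYTES


def encode_hs256(claims: Dict, key: bytes) -> str:
    if not key_is_strong_enough(key):
        raise ValueError("HS256 key shorter than 32 bytes; too easy to brute-force")
    signing_input = f"{_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_segment(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def encode_unsigned(claims: Dict) -> str:
    """What `pyjwt --alg=none` produces: header alg=none and an empty signature."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(claims)}."


def verify_hs256(token: str, key: bytes, now: int,
                 allowed: Iterable[str] = ("HS256",)) -> Dict:
    """Return the claims if the token is valid for `now`, else raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(_unb64url(h64))
    if header.get("alg") not in allowed:        # rejects "none" and any unexpected alg
        raise ValueError(f"algorithm not allowed: {header.get('alg')!r}")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(s64)):   # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(p64))
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired or missing exp")
    return claims


def outcome(token: str, key: bytes, now: int) -> str:
    try:
        verify_hs256(token, key, now)
        return "accepted"
    except ValueError as err:
        return f"rejected: {err}"


def demo() -> Dict[str, str]:
    claims = {"user": "test1", "admin": False, "iat": 1564989485, "exp": 1565075885}
    good = encode_hs256(claims, DEMO_KEY)
    forged = encode_unsigned({**claims, "admin": True})       # alg=none forgery
    header, _payload, sig = good.split(".")
    tampered = f"{header}.{_segment({**claims, 'admin': True})}.{sig}"   # payload edited
    return {
        "valid, before exp": outcome(good, DEMO_KEY, now=1564990000),
        "valid, after exp": outcome(good, DEMO_KEY, now=1565075885),
        "alg=none": outcome(forged, DEMO_KEY, now=1564990000),
        "payload tampered": outcome(tampered, DEMO_KEY, now=1564990000),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18s} -> {result}")
```

The allow-list is the important part: the verifier decides which algorithm is acceptable from its own configuration, never from the token's header, so an alg=none token is rejected before any signature check runs.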