Cyberclopaedia

Cryptography

Hash Functions

Resources

Images

Davies-Meyer Function

Merkle-Damgård Construction

Merkle-Damgård Construction (Incomplete Padding Block)

Merkle-Damgard Padding

Birthday Attacks

Davies-Meyer Transform

Merkle-Damgård Transform

Security Definitions

Integrity Verification

Resources

Images

Key Management

Key Exchange

Diffie-Hellman Key Exchange

Security Definitions

Primitives

Resources

Images

PRFG from PRG Tree

PRP Theoretical Implementation

Random Function

Pseudorandom Function Generators (PRFGs)

Pseudorandom Generators (PRGs)

Pseudorandom Permutations (PRPs)

Private-Key Cryptography

Authenticated Encryption

Block Ciphers

Modes of Operation

Resources

Images

Cipher Block Chaining (CBC) Mode

Counter (CTR) Mode

Electronic Cookbook (ECB) Mode

Resources

Images

AES

AES Inverse S-box

Block Cipher Decryption

Block Cipher Encryption

Block_Cipher_Ciphertext_Stealing

Block_Cipher_Slide_Attack

Padbuster_decrypt

Padbuster_encrypt

Padbuster_No_IV_Garbage

Padding_Oracle_C1_Bruteforce

Padding_Oracle_C12_Bruteforce

Padding_Oracle_Original_Encryption

Advanced Encryption Standard (AES)

Encrypting Non-Conforming Messages

Padding Oracle Attack

Message Authentication Codes (MACs)

Resources

Images

Deterministic MAC

MAC Example Mechanism

Message Authentication Code

Fixed-Length MACs

Hash-Based MACs (HMAC)

One-Time Passwords

HMAC-Based One-Time Passwords (HOTP)

Time-Based One-Time Passwords (TOTP)

Resources

Images

Private-Key Encryption Scheme

Security Definitions

Ciphertext-Only Attack (COA)

Perfect Secrecy

Semantic Security

Resources

Images

Semantic Security

Length Extension Decryption

Length Extension Encryption

Chosen Ciphertext Attack (CCA)

Chosen Plaintext Attack (CPA)

Ciphertext Integrity (CI)

Stream Ciphers

Hardware-Oriented Stream Ciphers

Resources

Images

Counter_Based_Stream_Cipher

Keystream Generation

Stateful_stream_cipher

Public-Key Cryptography

Security Definitions

Chosen-Plaintext Attack (CPA)

Perfect Secrecy

Mathematical Prerequisites

Resources

Images

English_Letter_Frequency_Table

Function Domain

Injection, Surjection, Bijection

Breaking Classical Cryptrography

Computer Science Prerequisites

Mathematical Prerequisites

Cyberclopaedia

Resources

Images

Icons

favicon-black-on-white

favicon-white-on-black

Diagram.net Export Settings

Folder Structure

Exploitation

Binary Exploitation

Heap Exploitation

Resources

Source Files

use_after_free_logic

Use After Free (UAF)

Stack Exploitation

Resources

Images

Canaries

Canary Leak Confirmation

Canary Memory Layout

Stack Canary Abort Example

Stack Canary Assembly

ROP

ROP_manual_input

ROP_pwn_chain_bytes

ROP_pwn_gadgets

ROP_pwn_success

Sigreturn Exploit

Sigreturn Programme

Sigreturn shell

FSV_writing_arg_fuzz

SBO_fgets_stack

SBO_gef_pattern_create

SBO_gef_pattern_search

SBO_ret_addr_crash

Source Files

Buffer Overflows

Format String Vulnerabilities

Protection Mechanisms

Return to _dl_resolve

Return-oriented programming (ROP)

Sigreturn-oriented Programming (SROP)

DNS

Resources

Images

dnsdrdos-wireshark

msf6-dns-amp-sc-run

DNS Cache Poisoning

DNS Traffic Amplification

Web

Resources

Images

Command Injection

Output Redirect Command Injection

Output Redirect Command Injection Read File

Simple Command Injection

Simple Command Injection Web Page

Time-Based Command Injection

Time-Based Command Injection Feedback Page

Directory Traversal

Basic Directory Traversal

File Upload

Example - Carlos Secret

Example - Inspect Source

File Upload Overwrite File

MIME Type Manipulation

Unrestricted File Upload

Unrestricted File Upload Successful

Host Header Injection

Password Reset Request

PHP Object Injection

Object Injection Success

Object Serialisation

Phar Generation Error

XSS

Reflected XSS Alert

Reflected XSS Example

Stored XSS Alert

Stored XSS Example

SQL Injection

Resources

Images

Example Simple SQL Injection Exploited

Example Simple SQL Injection Home Page

Example Union Injection

Request Copy To File

Database Enumeration

Union Injection

Command Injection

Cross-Site Request Forgery

Cross-Site Scripting (XSS)

Directory Traversal

Host Header Injection

HTTP Parameter Pollution

HTTP Response Splitting

PHP Object Injection

Template Injection

Windows

SCF File Attacks

Hardware Hacking

Wireless Attacks

Resources

Diagrams

Images

WEP_aircrack_crack_key

WEP_aireplay_arp_replay

WEP_airodump_arp_replay

WEP_airodump_fake_auth_open_success

WEP_airodumpg_monitor_wep_networks

WEP_capture_ska

WEP_fake_auth_open_success

WEP_fake_auth_ska_success

WEP_monitor_specific_network

WIFI_aireplay_deauth

WIFI_airmon_check

WIFI_airmon_check_kill

WIFI_airmon_monitor_all_5ghz

WIFI_airmon_start

WIFI_airmon_stop

WIFI_airodump_list_capture_files

WIFI_airodump_monitor_all

WIFI_airodump_monitor_single

WIFI_handshake_captured

WIFI_iwconfig_list

WIFI_iwconfig_list_monitor_mode

Hacking WEP Networks

Hacking WPA Networks

Networking

Application Layer Addressing

Uniform Resource Locators (URLs)

Uniform Resource Names (URNs)

Networks

Protocols

Address Resolution Protocol (ARP)

Resources

Images

ARP Address Resolution

Reverse Address Resolution

Address Resolution

ARP Message Format

Reverse Address Resolution (RARP)

Domain Name System (DNS)

The Domain Name System

The in-addr.arpa Domain

Hypertext Transfer Protocol (HTTP)

HTTP Requests

HTTP Responses

HTTP Status Codes

Internet Protocol (IP)

Internet Protocol v4 (IPv4)

Resources

Images

Classful IP Address Format

Default Subnet Masks

IP Dotted Decimal

IPv4 Fragmentation Flags

Network and Host ID

Subnetting Summary

Classful Addressing

Classless Inter-Domain Routing (CIDR)

Internet Protocol v6 (IPv6)

Resources

Diagrams

Ethernet

Ethernet_8021q_header

Ethernet_Basic_Network

Ethernet_Two_Switches

Switch_Frame_Receive

Images

ARP

ARP Message Format

Ethernet

Cisco_Switch_Show_MAC_Address_Table

Ethernet_8021q_header

Ethernet_Basic_Network

Ethernet_Two_Switches

Switch_Frame_Receive

FTP

FTP Active Connection

FTP Authentication

FTP Operational Model

FTP Passive Connection

LDAP

LDAP Directory Information Tree

NTP

SNMP

WLAN (IEEE 802.11)

Management Frames

Resources

Images

802_11_authentication

Association_Request

Association_Response

Authentication_Frame

Capability_Information

Challenge_Text_MFIE

Channel_Switch_Announcement_MFIE

Deassociation_Frame

Deauthentication_Frame

DS_Parameter_Set_MFIE

Extended_Supported_Rates_MFIE

IBSS_DFS_MFIE 1

IBSS_Parameter_Set

Management_Frame

Power_Capability_MFIE

Power_Constraint_MFIE

Probe_Request_Frame

Probe_Response_Frame

Reassociation_Request

Request_Information_MFIE

Supported_Channels_MFIE

Supported_Rates_MFIE

TPC_Report_MFIE

TPC_Request_MFIE

WiFi_authentication_association

Association Frames

Authentication Frames

Discovery Frames

Resources

Images

Shared_Key_Auth

WiFi_Integrity_MIC

WLAN_Frame_Control

Authentication & Association

Encryption & Integrity

WiFi Protected Access (WPA)

Ethernet (IEEE 802.3)

File Transfer Protocol (FTP)

Leightweight Directory Access Protocol (LDAP)

Network Time Protocol (NTP)

Server Message Block (SMB)

Simple Network Management Protocol (SNMP)

Resources

Diagrams

Subnet_Classes_Nice

UTP_10_100_BASE-T

UTP_10_100_BASE-T_crossover

UTP_1000_10GBASE-T

VLAN_native_mismatch

VLAN_native_mismatch_2

WiFi_Access_Point

Images

Subnet_Classes_Nice

VLAN_native_mismatch

VLAN_native_mismatch_2

The TCP-IP Suite and the OSI Model

Resources

Diagrams

Images

UTP_10_100_BASE_T_crossover

UTP_10_100_BASE_T_straight_through

UTP_1000_10GBASE_T

(1) The Physical Layer

(2) The Datalink Layer

Post Exploitation

Active Directory (AD)

Resources

Images

bloodhound

importedsummary

sharphoundcollector

getdomaincomputers

getdomaingroups

getdomainpolicy

getdomainuserproperty

getnetdomaincontroller

getnetusersamaccname

getsystemaccessdomainpolicy

powershell-ep-bypass

Domain Data Enumeration with Bloodhound

Domain Enumeration with PowerView

Enumeration

Linux

Resources

Images

Hunting Down Sensitive Files

find_pass_password

find_pass_password_in_name

Network Enumeration

System Enumeration

cat_proc_version

find_files_group

find_files_user

find_files_user_no_proc

User Enumeration

linpeas_container

linpeas_devices

linpeas_softinfo_1

linpeas_sysinfo_1

linpeas_sysinfo_2

linpeas_sysinfo_3

linpeas_usersinfo_1

linpeas_usersinfo_2

Hunting Down Sensitive Files

Network Enumeration

System Enumeration

User Enumeration

Windows

Resources

Images

System Enumeration

Enumerate Drives

System Enumeration

Pivoting

Resources

Images

SSH_Local_Tunnel

SSH_Local_Tunnel_Correct

SSH_Local_Tunnel_Fail

SSH_Local_Tunnel_Success

SSH_Local_Tunnel_Wrong

Tunneling with Chisel

Privilege Escalation

Linux

Resources

Images

Abusing Linux Capabilities

Abusing CAP_SETUID

Finding Capabilities

Abusing SUID & SGID Binaries

Finding SUID Binaries

Hijacked Absolute Path

Hijacked Relative Path

Shared Object Injection Successful

Start Apache Absolute Path

Start Apache Relative Path

strace Library Misconfigurations

Systemctl Escalated Privileges

Systemctl GTFOBins

Kernel Exploits

Compilation Instructions

Elevated Privileges

Verify Kernel Version

NFS Root Squashing

Change Ownership and Permission on the Attacking Machine

Compile On Target

Confirm Mountable Directories

Enumerate Mountable Directories

Ownership and Permissions from the Target's POV

Sudo Escalation via LD_PRELOAD

GCC Compile Library

Preload Library

Sudo -l LD_PRELOAD

Sudo Shell Escape Sequences

Awk Escape Sequence

Find Escape Sequence

GTFOBins Find Search

Abusing Linux Capabilities

Abusing SUID & SGID Binaries

Kernel Exploits

NFS Root Squashing

Sudo Escalation via LD_PRELOAD

Sudo Shell Escape Sequences

Windows

Misconfigured Services

Resources

Images

ISE

filepermsvc accesschk

Replace Executable

USP

Check Directory Permissions

Copy To Unquoted Path

Query unquotedsvc

Unquoted Service Path

WRP

Modifiable Registry Service Entry

Overwritten ImagePath Key

Access Check Permissions

WinPEAS daclsvc

WinPEAS Enumerate Services

Insecure Service Executable Permissions

Insecure Service Permissions

Unquoted Service Paths

Weak Registry Permissions

Resources

Images

AlwaysInstallElevated

Query Registry Keys

AutoRuns

Bypassing UAC

UAC Consent Prompt

UAC Credentials Prompt

UAC Protection Levels

Stored Credentials

List Stored Credentials

Runas Admin Shell Returned

Check StartUps Access

Modified CleanUp Script

Scheduled CleanUp

Scheduled CleanUp Contents

AlwaysInstallElevated Group Policy

AutoRun Programmes

Kernel Exploits

Scheduled Tasks

Startup Applications

Stored Credentials

Token Impersonation

Reconnaissance

Enumeration

Port Scanning

Resources

Images

simple-nmap-scan

simple-nmap-scan-specific-ports

tcp-connect-scan

tcp-connect-scan-wireshark

tcp-syn-scan-wireshark

FIN, NULL & XMAS Scans

Operation Security (OpSec)

TCP Connect Scan

Resources

Images

LDAP

Credentials Validation

Null Credentials Check

Wireshark Sniffing

Web

Basic Directory Brute Force

http-enum Script

Nmap Version Information

FTP Anonymous Login

SNMP_onesixtyone_bruteforce

SNMP_onesixtyone_syntax

SNMP_snmp_check

Vulnerability Scanning

Resources

Images

Check NSE Categories

Nmap Scripting Engine (NSE)

DNS Server Enumeration (53)

FTP Enumeration (21)

LDAP Enumeration (389, 636, 3268, 3269)

SNMP Enumeration (161)

Web Server Enumeration (80, 443)

Open-Source Intelligence (OSINT)

Resources

Images

Subdomain Enumeration

httprobe Example

Sublist3r Example

recon-ng-modules-load

recon-ng-workspaces-list

Reverse Whois Lookup

theHarvester-simple-results

Domain Name Enumeration

Harvesting E-Mails

Instagram User Enumeration

Subdomain Enumeration

Whois Enumeration

Reverse Engineering

Assembly Programming

x86-64

Resources

Images

Little Endian Variable Representation

Programme Memory Layout

Addressing Modes

Data Representation

Instruction Set

Binary Formats

ELF

Resources

Diagrams

ELF_Dynamic_Linking

ELF_PLT_GOT_Called

ELF_PLT_GOT_Uncalled

Programme Header

Images

ELF_dl_runtime_resolve.png

ELF_Dynamic_Linking

ELF_Header_read

ELF_PLT_GOT_Called

ELF_PLT_GOT_Uncalled

ELF_Programme_Header

ELF_Read_Relocations

ELF_Read_Symbols

ELF_Section_Header

ELF_Symbol_Tables_Flags

Dynamic Linking

PE

Resources

Diagrams

Images

PE_COFF_File_Header

PE_Data_Directories

PE_Optional_Header

PE_Section_Headers

The Rich Header

Reverse Engineering Android Applications

Program Anatomy

Resources

Images

Resources

Images

objdump-private-headers

objdump-section-headers

Reverse Engineering with Ghidra

Resources

Images

file-info-import

Pasted image 20211112104550

Creating a Project and Loading a Binary

Initial Analysis

Reverse Engineering with radare2

Resources

Images

search-bytes-basic

Basic Reverse Engineering using objdump, strace, and ltrace

System Internals

Linux

Resources

Images

Command Line

Input File Redirection

Output File Redirection

Unnamed Pipe Redirection

File System

File Permissions

Linux File System

Symbolic Link Relative Path

Windows

Active Directory (AD)

Resources

Images

Domain Controllers

View Domain Naming Master

View Schema Master

Groups

Hierarchy

Domain Tree Example

Transitive Trust

Naming Contexts

Create Application Partition

Delete Application Partition

LDP Naming Contexts

Naming Context Segregation

PowerShell Naming Contexts

Schema

Default Schema

Domain Controllers

Resources

Images

Active Directory Module for PowerShell

Add Schema Snap-In MMC

ADSI Edit Configuration NC

ADSI Edit Schema NC

ADSI Edit Schema Version

Index Attribute

Inheritance Tree of user

Schema Version PowerShell

Domain Controllers

Naming Contexts

The Active Directory Hierarchy

The Directory Information Tree (DIT)

PowerShell

Commands

Execution Policies

File System Operations

Resources

Images

File System

Delete All Streams

icacls Inspect Permissions

Inspect Folder Permissions

Oblivious Windows Explorer

Streams Recurse Folders

Introduction

Sometimes, two devices, X and Y, might be configured on the same subnet, but be separated physically by a router. ARP is not designed to function in situations like these, since it relies on broadcasting. Routers do not forward broadcasts across networks, so a broadcasted ARP request from device X will never reach device Y and vice-versa.

ARP Proxying

The solution in such cases is to proxy the ARP protocol. When the router receives an ARP broadcast from device X, it will send an ARP response with its own MAC address. Device X will, therefore, believe the router to be device Y and send any traffic for device Y to the router. The router will in turn forward the datagrams to device Y on the other network and vice versa.

The main advantage of proxying is that it is transparent to the two devices - neither device X nor device Y is ever aware of the fact that they are on physically separate networks. However, proxying introduces additional complexity and unexpected problems may rise if two or more routers, instead of one, provide the link between the two physical networks.

Table Of Contents