This passage has been polished by AI models because I am not a native English speaker; I am eager to chat about technical things in English.
Linux fundamentals
grep and find
They are two things I always mix up.
find is used to search for file names:
find -name "*.txt"
(quote the pattern; otherwise the shell expands *.txt before find ever sees it)
grep is used to search the contents of files.
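To make the name-versus-content distinction concrete, here is an added Python example (not from the original notes) that implements a minimal find and a minimal grep over a constructed temporary directory tree; the file names and contents in SAMPLE_FILES are made up for the demonstration.

```python
import fnmatch
import os
import re
import tempfile

# Constructed sample tree (not from the original notes): three files under sub/.
SAMPLE_FILES = {
    "notes.txt": "shopping list\nmilk eggs\n",
    "flag.txt": "password=hunter2\n",
    "script.sh": "#!/bin/sh\necho password\n",
}


def make_sample_tree():
    """Write the constructed files into a fresh temporary directory and return its root."""
    root = tempfile.mkdtemp(prefix="findgrep-")
    sub = os.path.join(root, "sub")
    os.makedirs(sub)
    for name, content in SAMPLE_FILES.items():
        with open(os.path.join(sub, name), "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


def find_by_name(root, pattern):
    """Equivalent of `find root -name 'pattern'`: the glob is matched against file NAMES only."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if fnmatch.fnmatch(name, pattern):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def grep_in_files(root, regex):
    """Equivalent of `grep -rn regex root`: the pattern is matched against file CONTENTS, line by line."""
    pat = re.compile(regex)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if pat.search(line):
                        hits.append((path, lineno, line.rstrip("\n")))
    return sorted(hits)


def names_only(paths):
    """Strip directories so results are comparable regardless of the temp dir name."""
    return [os.path.basename(p) for p in paths]


def grep_summary(root, regex):
    """(file name, line number) pairs for every content match."""
    return [(os.path.basename(p), n) for p, n, _ in grep_in_files(root, regex)]


if __name__ == "__main__":
    root = make_sample_tree()
    print("find -name '*.txt'  ->", names_only(find_by_name(root, "*.txt")))
    print("grep -rn password   ->", grep_summary(root, "password"))
```

Running it shows the two tools answering different questions: the find call returns both .txt files whatever they contain, while the grep call returns flag.txt and script.sh, because only their contents mention "password".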
Web
IP
Currently the popular types are IPv4 and IPv6 (IPv6 is actually not popular yet, but it can cover many more devices).
IPv4 looks like xxx.xxx.xxx.xxx, where each xxx is 0-255, so there are about 4.6 billion addresses in total (already run out).
A device can have both a private IP and a public IP. A private IP looks like 192.168.x.x; the public IP is assigned by your ISP (ignoring proxy and VPN tools).
mac address
A twelve-character hex number; the first six characters represent the company, the last six are a unique number.
You can change the MAC address to access the high-speed Wi-Fi when you are in places like cafés.
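Added Python example (not from the original notes) that splits a MAC address into the two halves described above and also reads the two flag bits in the first octet: the I/G bit (multicast) and the U/L bit, which is set when the address was assigned by software rather than burned in by the manufacturer. From a defender's side, a locally administered address on a network that should only contain factory-addressed devices is the usual signal that a MAC has been changed. The addresses in the test are constructed; a real vendor lookup would need the IEEE OUI registry, which is not included here.

```python
import re

_SEPARATORS = re.compile(r"[:\-.]")


def is_valid_mac(mac):
    """True if the string is a 48-bit MAC in hex, with optional ':' '-' or '.' separators."""
    digits = _SEPARATORS.sub("", mac.strip())
    return re.fullmatch(r"[0-9A-Fa-f]{12}", digits) is not None


def parse_mac(mac):
    """Split a MAC address into its OUI, per-device part and the two flag bits.

    Returns a dict:
      oui                  first 24 bits, the manufacturer prefix
      nic                  last 24 bits, the per-device number
      multicast            I/G bit (bit 0 of the first octet) is set
      locally_administered U/L bit (bit 1 of the first octet) is set, i.e. the
                           address was set by software, not by the manufacturer
    """
    if not is_valid_mac(mac):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    digits = _SEPARATORS.sub("", mac.strip()).upper()
    first_octet = int(digits[:2], 16)
    return {
        "oui": digits[:6],
        "nic": digits[6:],
        "multicast": bool(first_octet & 0x01),
        "locally_administered": bool(first_octet & 0x02),
    }


def flag_locally_administered(macs):
    """Return the subset of addresses whose U/L bit is set (constructed input, constructed output)."""
    return [m for m in macs if is_valid_mac(m) and parse_mac(m)["locally_administered"]]


if __name__ == "__main__":
    # Constructed addresses for the demonstration, not captured from a real network.
    for addr in ["00:1A:2B:3C:4D:5E", "02:00:00:aa:bb:cc", "ff:ff:ff:ff:ff:ff"]:
        print(addr, parse_mac(addr))
```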
SMB
Server Message Block; it lets different machines communicate with each other. Clients use the TCP/IP protocol.
So let's first study some basic usage of Nmap.
nmap
How SYN scanning works
It replaces the final ACK of the normal TCP handshake with an RST, to reduce the influence of the firewall; that way the reply to the SYN packet alone is enough to tell whether a port is open. Because this changes the normal process of establishing the TCP three-way handshake, it must be run with sudo.
How UDP scanning works
Send a UDP packet to the port and look at what comes back. If there is no reply, the port is judged to be (open|filtered); if an RST comes back, the port is closed.
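Added Python example (not from the original notes and not nmap's code) that encodes the decision rules just described as a small classifier over constructed reply records, so the difference between "open", "closed" and "filtered" can be checked against concrete inputs. One caveat relative to the note above: for UDP, a closed port does not answer with a TCP RST; it is reported closed when an ICMP "port unreachable" message (type 3, code 3) comes back, while other ICMP unreachable codes mean filtered. The port numbers and replies in the two dictionaries are made up for the demonstration.

```python
# Constructed reply records (not a real capture): one entry per probed port.
# TCP entries carry the flag letters seen in the reply; UDP entries carry the
# kind of reply; None means nothing came back before the timeout.
SYN_SCAN_REPLIES = {
    22: "SA",      # SYN/ACK: something is listening
    23: "RA",      # RST/ACK: host reachable, nothing listening
    80: "SA",
    443: None,     # silence: a firewall dropped the probe or the reply
}

UDP_SCAN_REPLIES = {
    53: "udp",                 # a UDP datagram came back: definitely open
    123: None,                 # silence: open or filtered, cannot tell which
    161: ("icmp", 3, 3),       # ICMP type 3 code 3, port unreachable: closed
    500: ("icmp", 3, 13),      # ICMP administratively prohibited: filtered
}


def classify_syn_reply(flags):
    """State of a TCP port from the reply to a single SYN probe.

    The scanner answers a SYN/ACK with RST instead of ACK, so the handshake
    never completes; the first reply alone decides the state.
    """
    if flags is None:
        return "filtered"
    if "R" in flags:
        return "closed"
    if "S" in flags and "A" in flags:
        return "open"
    return "unexpected"


def classify_udp_reply(reply):
    """State of a UDP port from the reply to one probe datagram."""
    if reply is None:
        return "open|filtered"
    if reply == "udp":
        return "open"
    if isinstance(reply, tuple) and reply[0] == "icmp":
        _, icmp_type, icmp_code = reply
        if icmp_type == 3 and icmp_code == 3:
            return "closed"
        if icmp_type == 3 and icmp_code in (1, 2, 9, 10, 13):
            return "filtered"
    return "unexpected"


def port_states(replies, classify):
    """Build the port -> state table, in port order, from a reply record."""
    return {port: classify(reply) for port, reply in sorted(replies.items())}


if __name__ == "__main__":
    print("SYN scan:", port_states(SYN_SCAN_REPLIES, classify_syn_reply))
    print("UDP scan:", port_states(UDP_SCAN_REPLIES, classify_udp_reply))
```

The same rules explain what a SYN scan looks like from the target side: a burst of SYNs followed by RSTs, with no completed handshakes, which is why connection-log based detection that only records established sessions misses it.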
SMB
Thinking road:
Use enum4linux to list important information and find out the share profiles.
One mistake I have made is more “xxxx xxx.file”: you should use quotation marks.
Telnet
It's a remote-login tool like ssh, but in plain text; usually used in a LAN.
How to make a reverse shell
In the exp, use msfvenom to generate a payload, paste it into the victim machine, and use netcat to connect to it.
hydra
A good tool for brute-forcing passwords, supporting many protocols (such as ftp, ssh, ...).
NFS EXPLOIT
NFS is a service used to mount remote files; its concept is omitted here, you can search for it on the Internet.
SUID: It's a file mode like -rwsr-xr-x that lets any low-privileged user get root power.
The key:
You first need to get the private key on the remote server, and download the bash file to your local machine. Then chown it to root and chmod +s (a method to give the file the SUID bit). Then copy it back to the remote server; you can run it using bash -p, and then you can visit some folders (which only root can). In the end, I couldn't access the flag; it is located at /root/root.txt.
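From the defender's side, the artifact this technique leaves behind is a set-uid file in a place where none belongs. Added Python example (not from the original notes) that parses `ls -l` style lines, reads the SUID/SGID bits out of the mode string (the 's' in the owner or group execute slot of -rwsr-xr-x) and flags set-id files that are not on an allow-list. The listing in SAMPLE_LISTING and the allow-list are constructed for the demonstration; on a real host the candidate list would come from `find / -perm -4000`.

```python
import re

# Matches one line of `ls -l` output: mode, link count, owner, group, size,
# three date tokens, then the path. "total N" lines do not match and are skipped.
LS_LINE = re.compile(
    r"^(?P<mode>[-dlcbps][rwxsStT-]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+\d+\s+\S+\s+\S+\s+\S+\s+(?P<path>\S.*)$"
)

# Constructed listing (not from a real machine), mixing legitimate and planted set-id files.
SAMPLE_LISTING = """\
total 5
-rwsr-xr-x 1 root  root  1183448 Jan  1 12:00 /tmp/nfs/bash
-rwxr-xr-x 1 root  root  1183448 Jan  1 12:00 /bin/bash
-rwsr-xr-x 1 root  root    59976 Jan  1 12:00 /usr/bin/passwd
-rwxrwxrwx 1 alice alice     512 Jan  1 12:00 /home/alice/notes.txt
-rwsr-sr-x 1 alice alice    8192 Jan  1 12:00 /tmp/nfs/tool
"""

# Constructed allow-list of set-id binaries expected on this host.
EXPECTED_SETID = {"/usr/bin/passwd"}


def parse_mode(mode):
    """Return (suid, sgid, sticky) from a 10-character ls mode string such as -rwsr-xr-x.

    An 's' in the owner-execute slot means SUID (capital 'S' when the execute bit
    itself is clear); the same in the group slot means SGID; 't'/'T' is sticky.
    """
    if len(mode) != 10:
        raise ValueError(f"bad mode string: {mode!r}")
    return mode[3] in "sS", mode[6] in "sS", mode[9] in "tT"


def parse_listing(listing):
    """Turn ls -l text into dicts with path, owner, group and the set-id bits."""
    entries = []
    for line in listing.splitlines():
        m = LS_LINE.match(line)
        if not m:
            continue
        suid, sgid, _sticky = parse_mode(m["mode"])
        entries.append({
            "path": m["path"], "owner": m["owner"], "group": m["group"],
            "suid": suid, "sgid": sgid,
        })
    return entries


def audit_setid(listing, expected=EXPECTED_SETID):
    """Return set-id entries sorted by path, flagging those not on the allow-list.

    A root-owned SUID copy of a shell on a writable or NFS-exported path is exactly
    what the walkthrough above produces, so root_owned + suspicious is the pair to look at first.
    """
    findings = []
    for entry in parse_listing(listing):
        if not (entry["suid"] or entry["sgid"]):
            continue
        entry = dict(entry)
        entry["suspicious"] = entry["path"] not in expected
        entry["root_owned"] = entry["owner"] == "root"
        findings.append(entry)
    return sorted(findings, key=lambda e: e["path"])


if __name__ == "__main__":
    for finding in audit_setid(SAMPLE_LISTING):
        print(finding)
```

On the NFS side, the reason the planted file works at all is that the export lets a remote root keep root ownership; exporting with root_squash (the default in /etc/exports) maps remote root to an unprivileged user, so a chown to root from the client side does not survive.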
john
A hash-cracking tool, which is really nice.
Windows fundamentals
NTFS
ADS
In NTFS a file is like a folder of streams; an ADS is like a hidden file that travels with the main file.
network fundamentals
OSI 7 layers: the classic exam staple.
RFC 1918 defines the following three ranges of private IP addresses:
10.0.0.0 - 10.255.255.255 (10/8)
172.16.0.0 - 172.31.255.255 (172.16/12)
192.168.0.0 - 192.168.255.255 (192.168/16)
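Added Python example (not from the original notes) that ties the IP section above to these three RFC 1918 ranges: it classifies an address as RFC 1918 private, public, loopback or link-local using the standard-library ipaddress module, and handles IPv6 as well, where the private counterpart is the unique local range fc00::/7. It also records the size of the IPv4 space, 2^32 addresses, which is the reason the space has run out. All test addresses are constructed.

```python
import ipaddress

# The three RFC 1918 blocks listed in the notes above.
RFC1918_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# IPv6 counterpart of RFC 1918: unique local addresses (RFC 4193).
ULA_NET = ipaddress.ip_network("fc00::/7")

# 32-bit address field: 4,294,967,296 possible IPv4 addresses.
IPV4_ADDRESS_SPACE = 2 ** 32


def classify_ip(addr_str):
    """Classify one address string.

    Returns one of: 'rfc1918', 'ula', 'public', 'loopback', 'link-local',
    'other-reserved' or 'invalid'. Order matters: loopback and link-local are
    checked before the private ranges, and 'public' is decided last.
    """
    try:
        addr = ipaddress.ip_address(addr_str.strip())
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.version == 4 and any(addr in net for net in RFC1918_NETS):
        return "rfc1918"
    if addr.version == 6 and addr in ULA_NET:
        return "ula"
    if addr.is_global:
        return "public"
    return "other-reserved"


def split_private_public(addrs):
    """Group a list of address strings by class; useful when reading a device's interface list."""
    groups = {}
    for a in addrs:
        groups.setdefault(classify_ip(a), []).append(a)
    return groups


if __name__ == "__main__":
    # Constructed interface list: one private and one public address on the same device.
    print(split_private_public(["192.168.1.10", "203.0.113.7", "127.0.0.1", "fd12:3456::1"]))
```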
encapsulation
Assembly knowledge
RAX - Known as the accumulator register. Often used to store the return value of a function.
RBX - Sometimes known as the base register, not to be confused with the base pointer. Sometimes used as a base pointer for memory access.
RDX - Sometimes known as the data register.
RCX - Sometimes known as the counter register. Used as a loop counter.
RSI - Known as the source index. Used as the source pointer in string operations.
RDI - Known as the destination index. Used as the destination pointer in string operations.
RSP - The stack pointer. Holds the address of the top of the stack.
RBP - The base pointer. Holds the address of the base (bottom) of the stack.
RIP is probably the most important register. RIP is the “Instruction Pointer”: it holds the address of the next instruction to be executed. You cannot write to this register directly; only certain instructions, such as ret, can influence the instruction pointer.