Spellbook - Cardboard Iguana Security

# Spellbook A variety of notes about hacking, written for my own reference. Some notes date to the beginning of my cybersecurity journey and are very basic, while others come from later in my career and are more advanced. May you find something useful here. ## The Basics ### Hardware - [[MAC Addresses]] ### Networking - [[ARP Protocol]] - [[Different Representations of IPv4 Addresses]] - [[File Transfer Protocol (FTP)]] - [[Hypertext Transfer Protocol (HTTP)]] - [[ICMP Protocol]] - [[Internet Message Access Protocol (IMAP)]] - [[Kerberos]] - [[OSI Model]] - [[Packet Headers]] - [[Post Office Protocol 3 (POP3)]] - [[SAMBA (a.k.a. CIFS) Protocol]] - [[Simple Mail Transfer Protocol (SMTP)]] - [[SIP Protocol]] - [[TCP Model]] - [[TCP Protocol]] - [[Telnet Protocol]] - [[Uniform Resource Locators (URLs)]] - [[WiFi Terminology]] ### Operating Systems #### \*NIX - [[How to Match Files to Packages]] - [[Linux (and BSD) Password Hashes]] - [[Linux Process Signals]] - [[Magic Numbers]] - [[Symbolic Permissions]] - [[UNIX File Descriptors]] #### Windows - [[Equivalent Windows and *NIX Commands]] - [[Get-WinEvent]] - [[Using 'net'|Using `net`]] - [[Using PowerShell]] - [[Windows Event Logs]] - [[Windows Firewall]] - [[Windows Password Hashes]] - [[Windows Permissions]] #### Others - [[AIX]] - [[Cisco IOS Cheatsheet]] ### Applications - [[Using 'basenc'|Using `basenc`]] - [[Using 'certutil'|Using `certutil`]] - [[Using 'ffmpeg'|Using `ffmpeg`]] - [[Using 'gdb'|Using `gdb`]] - [[Using 'netstat'|Using `netstat`]] - [[Using 'ps'|Using `ps`]] - [[Using SSH]] - [[Using 'ss'|Using `ss`]] - [[Using 'unbuffer'|Using `unbuffer`]] - [[Using XFreeRDP]] - [[Using 'xxd'|Using `xxd`]] - [[Using 'youtube-dl'|Using `youtube-dl`]] #### Tricks - [[How to Use 'find' With File Metadata|How to Use `find` With File Metadata]] - [[Using 'curl' and 'jq' with Web APIs|Using `curl` and `jq` with Web APIs]] - [[Using NFS]] - [[Working With Samba]] ## Red Team ### Tools - [[MITRE ATT&CK Emulation Plans]] - [[Using Wireshark]] - [[Using Aircrack-NG]] - [[Using Burp Suite]] - [[Using 'cewl'|Using `cewl`]] - [[Using 'crackmapexec'|Using `crackmapexec`]] - [[Using CUPP]] - [[Using 'fuff'|Using `fuff`]] - [[Using 'gobuster'|Using `gobuster`]] - [[Using Hashcat]] - [[Using Hydra]] - [[Using Impacket]] - [[Using John the Ripper]] - [[Using Kerbrute]] - [[Using Metasploit]] - [[Using Mimikatz]] - [[Using 'netcat'|Using `netcat`]] - [[Using Nikto]] - [[Using 'nmap'|Using `nmap`]] - [[Using OWASP ZAP]] - [[Using Powercat]] - [[Using PowerView]] - [[Using Rubeus]] - [[Using 'socat'|Using `socat`]] - [[Using 'sqlmap'|Using `sqlmap`]] - [[Using 'tcpdump'|Using `tcpdump`]] - [[Using The Harvester]] - [[Using 'wfuzz'|Using `wfuzz`]] ### Tricks - [[Force 'more' Into Interactive Mode|Force `more` Into Interactive Mode]] - [[How to Add Windows Users (at the Command Line)]] - [[How to Quickly Bypass 'ssh-agent'|How to Quickly Bypass `ssh-agent`]] - [[How to Set PATH in a Session]] - [[Jump to an Editor in 'more'|Jump to an Editor in `more`]] - [[Quick-n-Dirty Python Web Server]] - [[Quickly Find the Canonical Path of a File]] - [[Read a File Beginning With a Dash (-)|Read a File Beginning With a Dash (`-`)]] - [[Set a Shell in ViM]] - [[SQL Injection]] - [[The Poison Null Byte]] - [[Windows Port Relay]] ### Enumeration - [[Enumerate Linux Environments]] - [[Enumerate NFS Shares]] - [[Enumerate Oracle SQL Server]] - [[Enumerate Samba Users and Shares]] - [[Enumerate 'sudo' Access|Enumerate `sudo` Access]] - [[Enumerate Users with 'finger'|Enumerate Users with `finger`]] - [[Enumerate Windows Environments]] - [[How to Find Executables with SUID Capabilities]] - [[How to Identify Windows Shares With Nmap]] ### Exploitation - [[Classic Windows Login & Lock Screen Hacks]] - [[DLL Hijacking]] - [[Exploiting Bash]] - [[Exploiting etc-passwd|Exploiting /etc/passwd]] - [[Exploiting etc-shadow|Exploiting /etc/shadow]] - [[Exploiting 'find'|Exploiting `find`]] - [[Exploiting HTML Applications]] - [[Exploiting IKE Aggressive Mode]] - [[Exploiting Java]] - [[Exploiting LD_LIBRARY_PATH]] - [[Exploiting LD_PRELOAD]] - [[Exploiting 'less'|Exploiting `less`]] - [[Exploiting MS SQL]] - [[Exploiting MySQL]] - [[Exploiting Nano]] - [[Exploiting Node.js]] - [[Exploiting Perl]] - [[Exploiting PHP]] - [[Exploiting Polkit]] - [[Exploiting PowerShell]] - [[Exploiting Python]] - [[Exploiting Ruby]] - [[Exploiting 'systemctl'|Exploiting `systemctl`]] - [[Exploiting 'tar'|Exploiting `tar`]] - [[Exploiting the Windows “Feature on Demand” Helper]] - [[Exploiting the Windows Scripting Host]] - [[Exploiting Unquoted Paths]] - [[Exploiting ViM]] - [[Exploiting Visual Basic for Applications]] - [[Exploiting Visual Basic Scripts]] - [[Exploiting Windows File Associations]] - [[Exploiting Windows Remote Management (WinRM)]] - [[Exploiting Windows Services]] - [[Exploiting Windows Shortcuts]] - [[Exploiting Windows Startup Tasks]] - [[Exploiting Windows Tasks]] - [[Exploiting Xterm]] - [[How to Load a Shell with a Simple Executable]] - [[JWT (JSON Web Tokens) Attacks]] - [[LFI (Local File Inclusion) Attacks]] - [[Minimal SUID Shell Launcher]] - [[SETUID Bash]] - [[Shell Escapes]] - [[XSS (Cross-Site Scripting) Attacks]] - [[XXE (XML External Entity) Attacks]] ## General Interest - [[Automate Netlify Builds with IFTTT]] - [[Bash Scripting Tricks]] - [[Change an OpenSSL Key Passphrase]] - [[Change an SSH Key Passphrase]] - [[Change the 'master' Branch in Git to 'trunk'|Change the `master` Branch in Git to `trunk`]] - [[Compact VirtualBox Disk Images]] - [[Confirm the Existence of a Gmail Address]] - [[Create a GPG Key (With SSH Support!)]] - [[Debugging Bash Scripts]] - [[Download SD Movies in iTunes]] - [[Export Highlights and Annotations from Kobo eReaders]] - [[Extract the Webpage Title of a URL]] - [[Find and Replace a Single Line in a Large Text File]] - [[Fix EXIF Data on Google Photos Exports]] - [[Get an SSL Certificate]] - [[iOS Shortcuts Quirks]] - [[Look Up Unicode and Emoji Symbols]] - [[OneDrive Quirks]] - [[Pull SSL Certificates from an External Server]] - [[Regex Metacharacters]] - [[Removing Duplicate Lines in Bash]] - [[Send a Command Using OpenSSL]] - [[Upgrading PostgreSQL]] - [[Use an Alternate SSH Key with Git]] - [[Use a Raspberry Pi 4B as an iPad Pro Hacking Accessory]] - [[Use OpenSSL to Encrypt and Decrypt Files]] ## Notes to Myself - [[Gemini Compatible Markdown]]