Abhizer

Using NGINX as a TCP Load Balancer for your MYSQL or any other Database!

In this blog post, we will discuss using NGINX as a TCP load balancer while horizontally scaling MYSQL or any database that you are using, it doesn't really matter that much as our load balancer will be a layer 4 / TCP load balancer.

tcp

TCP vs UDP

This blog post discusses the differences between Transmission Control Protocol and User Datagram Protocol.

hackthebox

HackTheBox - Blunder | Walkthrough

Recon Starting with an nmap scan: nmap -A 10.10.10.191 -o nmap Starting Nmap 7.80 ( https:*//nmap.org ) at 2020-05-31 17:45 +0545* Nmap scan report for 10.10.10.191 Host is up (0.38s latency). Not shown: 998 filtered ports PORT STATE SERVICE VERSION 21/

hackthebox

HackTheBox - Quick | Walkthrough

Recon export ipaddress=10.10.10.186 ports=$(nmap -p- --min-rate=1000 -T4 $ipaddress | grep ^[0-9] | cut -d '/' -f 1 | tr '\\n' ',' | sed s/,$//); nmap -A -p$ports $ipaddress -o nmap The nmap run gives the following result: # Nmap 7.80 scan initiated Thu Apr

hackthebox

HackTheBox - Admirer | Walkthrough

Recon Starting off with an nmap scan. Let's see what's open. export $ipaddress=10.10.10.187 ports=$(nmap -p- --min-rate=1000 -T4 $ipaddress | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//); nmap -A -p$ports $ipaddress -o nmap # Nmap 7.80 scan

hackthebox

HackTheBox - Cascade | Walkthrough

Enumeration Let's start! First let's create a directory for this box. mkdir ~/hackthebox/cascade cd ~/hackthebox/cascade Now, to find out what's going on in the box, let's run nmap. nmap -A 10.10.10.182 -o nmap # Nmap 7.80 scan initiated Sun Mar 29 21:47:34 2020

hackthebox

HackTheBox - Magic | Walkthrough

Enumeration export $ipaddress=10.10.10.185 ports=$(nmap -p- --min-rate=1000 -T4 $ipaddress | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//); nmap -A -p$ports $ipaddress -o nmap Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-21 17:54 +0545 Nmap scan

hackthebox

HackTheBox - Traceback | Walkthrough

Enumerationvi /etc/hosts 10.10.10.181 traceback nmap -A 10.10.10.181 -o traceback/nmap ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 httpd Apache httpd 2.4.29 Google for the comment, some of the best web shells that you might need http://traceback/smevk.php `->

hackthebox

HackTheBox - Sauna | Walkthrough

Enumerationnmap -A 10.10.10.175 -o nmap Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-22 23:19 +0545 Nmap scan report for 10.10.10.175 Host is up (0.38s latency). Not shown: 988 filtered ports PORT STATE SERVICE VERSION 53/tcp open domain? | fingerprint-strings: | DNSVersionBindReqTCP: | version

hackthebox

HackTheBox - ServMon | Walkthrough

As always, let's start with an nmap scan: ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.184 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//); nmap -A -p$ports 10.10.10.184 -o nmap We see quite a few ports open.

hackthebox

HackTheBox - Resolute | Walkthrough

Recon nmap -A 10.10.10.169 enum4linux 10.10.10.169 > enum cat enum | grep "Account:" You should see some accounts and some creds Make a user list from it cat enum | grep "Account:" | cut -d " " -f8 > user_list msfconsole search

xss

The XSS Methodology | Finding Cross-Site Scripting Vulnerabilities

Recently, one of my friends asked me about my methodology while looking for Cross-Site Scripting, so I decided to do a blog post on it. Here, I will not be going over the different types of XSS vulnerabilities, its impact and all those things, and my assumption is that you

alpine-linux

Setup your Private VPN server with AWS EC2, Alpine Linux and OpenVPN in Minutes!

Easily setup your private VPN server with AWS EC2, Alpine Linux and OpenVPN in just a few minutes!

Laravel 7: Add a New username Field to the Default Authentication

First of all, you need to add the username field in the users table. To do that, add the following in create_users_table.php $table->string('username'); Now, migrate it. php artisan migrate:refresh Add it in the User.php model in the protected field: protected $fillable = [ 'name',

HackTheBox - OpenAdmin | Walkthrough

ReconAs always, let's start with a nmap scan. export ipaddress=10.10.10.171 ports=$(nmap -p- --min-rate=1000 -T4 $ipaddress | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//); nmap -A -p$ports $ipaddress -o nmap Starting Nmap 7.80 ( https://nmap.org

HackTheBox - Traverxec | Walkthrough

Enumeration Checking connection: ping 10.10.10.165 Finding out more about the webserver: nmap -A 10.10.10.165 -o nmapresults.txt We see that on port 80, there's a Nostromo service running. Let's see if there's an exploit for it. Checking for an exploit: searchsploit nostromo So there

Bug Bounty Hunting Tools setup in Alpine Linux in a Docker!

Bug Bounty Hunting Tools set up in Alpine Linux! Link to GitHub repo: https://github.com/abhizer/alpine_linux_bbht I was working with an Ubuntu docker but then decided to switch to Alpine because its light weight and minimal. And, just wanted to share this with you guys! For

Setting up a Python Development Environment with Docker and Alpine Linux!

Frist, download and install Docker Desktop in your computer. Once, you are done with that, you can follow the steps here to create a development environment! Setting up the Docker First pull the docker image: docker pull alpine Verify that it as been downloaded: docker images Now run it: docker

Passing Terminal traffic through BurpSuite

To pass terminal traffic through Burp, first open up Burp and then you should probably turn the Intercept off. At least, that is what I like to do. We will be using Proxychains here. So, first, let's configure it. vi /etc/proxychains.conf Go to the end and write, #burpsuite

recon.sh - Simple recon script

A very simple recon script that uses the previous subdomains.sh script, and httprobe, waybackurls by @tomnomnom and then, uses dig to find their IP addresses. Github link: https://github.com/abhizer/recon.sh

subdomain.sh - Complies the outputs of findomain, sublist3r and assetfinder

As I am getting started with Bug Bounty hunting, I've found that subdomain enumeration is a key component to it. And, there are a lot of tools that can be used for it, each with their own pros and cons. So, I decided to put together a simple script that

HackTheBox - Postman | Walkthrough

Postman is an easy marked box in HackTheBox, it just retired and here's my writeup! First, let's add the hostname postman to the hosts file so that, we don't always need to type in the IP address. vi /etc/hosts Hit i (going to input mode) 10.10.10.160

Laravel 6 - php 7.4 | MySQL Errors Fix SQLSTATE[HY000] [2006] & SQLSTATE[HY000] [2002]

So, when I was creating my first laravel 6 app and trying to connect it to the database, I got these two errors: PDOException : SQLSTATE[HY000] [2006] MySQL server has gone away Illuminate\Database\QueryException : SQLSTATE[HY000] [2002] Connection refused (SQL: select * from information_schema.tables where table_schema = chat_

FIXED : Composer - [ErrorException] "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"?

I had been away from laravel for a few months and today, when I decided to take a look at it again and install laravel/valet, the composer just wouldn't work. Abhizer@Abhizer > ~/Development > composer global require "laravel/valet" Changed current directory to /Users/Abhizer/.composer Using version ^2.7

Windows Privilege Escalation: DNSAdmins to Domain Admins - Server Level DLL Injection

Say you have compromised a Windows machine that provides Active Directory Directory Services to its users and have gained access as a user who is a part of the DNSAdmins group, you can use this method to privilege escalate. Here, what we're doing is: Making a dll payload that sends