Search

Nishant Parhi

Privacy is an illusion

Top 5 Favorite Vim Plugin

Vim-eunucha

This plugin adds core Unix file operations in the character like vim.

Vim Plug Installation:

Plug 'https://github.com/tpope/vim-eunuch'
:Mkdir          - to make a directory
:Clocate        - to run locate
:SudoEdit       - to edit with root permission
:Move           - to move a file/folder
:Cfind          - to run the find command

NERDTree-Plugin to display an interactive file tree

The NERDTree plugin allows us to overview and open files and folders. It displays it in a tree structure.

Vim Plug Installation:

Plug 'https://github.com/scrooloose/nerdtree'

Capture2

Vim Gitgutter-

Gitgutter allows us to see the signs for additions (+), modifications (~), or removals (-) in the vim window if the file we are editing is in a git repo.

Vim Plug Installation:

Plug 'https://github.com/airblade/vim-gitgutter'

Capture

This is the README.md file of Fedora-app

Emmet

Emmet is a great tools for website developers. It can write HTML, CSS, JS when a command is given.

Vim Plug Installation:

Plug 'https://github.com/mattn/emmet-vim'

For example:

html:5

Gets converted to

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title></title>
</head>
<body>
                 MY-Body
</body>
</html>

Capture3

Asynchronous Lint Engine(ALE)

This plugin is used for code analysis. It will displays marks for any errors and warnings directly in Vim.

Vim Plug Installation:

Plug 'https://github.com/w0rp/ale'

Capture1

The lines which have 2 red inequality sign(>>) show the errors and warnings.

How to install the plugins

Write this in your .vimrc to download my favorite plugins.

Screenshot (8)

After writing this open VIM and type ‘:PlugInstall’

 

 

 

Top 5 Favorite Ansible module

The Git Module

The ‘Git Module’ allows us to manage git checkouts to deploy software. For Example:

# Example read-write git checkout
- git:
    repo: ssh://git@github.com/yourid/yourrepo.git
    dest: /home/folder/yourrepo

The Script Module

This module takes the script name that runs locally on the remote system. This is a good feature as other ways to run a script on ansible is time taking. This is also called the shell module. For example:

- script: /some/local/sample_script.sh --some-arguments testvar
  args:
    creates: /the/created/sample.txt

The Mail Module

This module is useful for sending emails using ansible. In complex environments there are processes that cannot be automated, either because lack of authority to make it or because people disagrees to a common approach. For example,

# Sending an e-mail from Gmail using ansible
- mail:
    host: smtp.gmail.com
    port: 587
    username: username@gmail.com
    password: mypassword
    to: mail receiver<mailreceiver@gmail.com>
    subject: Type your subject
    body: 'This is your body.'
  delegate_to: localhost

The Notification Module

Send notification message via Slack.

- hosts: name_of_server
  tasks:
   - name: Send notification message through Slack
     local_action:
         module: slack
         # To retrieve your slack token, open your team settings.
         token: //
         msg: "Hello"
         channel: "#general"
         username: "ansible-notification-bot"

The syslogger Module

This module helps to add log entries to the host computer.

# Full example
- name: Test syslog
  syslogger:
    msg: "Your message"
    priority: "err"
    facility: "daemon"
    log_pid: true

# Basic usage
- name: Simple Usage
  syslogger:
    msg: "File saved as daemon.info"

 

How to use BurpSuite like a Pro

Burp Suite is one of my favorite tools for web application testing. The feature set is rich, and anything that it does not do by default can usually be added with an extension. There are a few things, however, that while they exist in Burp Suite, are not completely intuitive. Below are a few pro tips to help you get the most out of your web application tests.
Password Brute Forcing
Often, penetration testers will want to brute force passwords to gain access or to test password lockout policy in an application. While tools like Hydra exist for this purpose, I find it is much easier to tune in Burp. All you need to do is start by sending the POST request associated with the logon to Burp Intruder.
Clear out all the auto-selected parameters, highlight the password field and click the “add” button. Keep the Attack Type as “Sniper.” Switch to the payload tab and keep the payload type set to “simple list.” Either paste in your wordlist from the clipboard or click the “load…” button and select a wordlist file. Click the “Start attack” button. When you get the results, you are going to want to look for differences in the responses. Typically, I will sort by length to find differences in responses. Another method is to click the “Options” tab and use “Grep – Match” or “Grep – Extract” to flag items with keywords or strip out certain strings from within the responses.
Password Spraying
This is going to be similar; however, in this case we are assuming we have a list of usernames. While it’s unlikely a single user has a weak password, it’s much more likely that one of many users has a weak password. We will go through the same steps, except in the positions tab, we will need to highlight both the username and password fields. Also take note that we switched the attack type to “Cluster bomb.”
When you go to the payloads tab it will be slightly different. You will have two options under payload set. The #1 refers to the username (first highlighted parameter) and the #2 is the second highlighted parameter, the password.  Both can be set as “Simple list.” For Payload #1, load in your username list. For Payload set #2, add in a couple of simple, common passwords such as “Summer17!” or “$Comapanyname1.” I would recommend only using 3 to 5 passwords, as the targeted application may lock out user accounts. When you run the attack, it will try every username with every password specified. This means if you had 10 users, and 3 passwords each, it would send 30 requests. As before, look at the responses. Compare response lengths and consider using grep under the “Options” tab to extract data from the responses or identify keywords.
CSRF Tokens
Some applications will use CSRF tokens on login pages to stop this exact type of attack. This can be really annoying for an attacker. Luckily, Burp has an answer, using Burp Macros. In the following example, I will add a user in WordPress since it requires a CSRF token each time. You can use this same methodology against anything else, such as a login form that requires it. The first step is to go to “Project Options” and click “Add” under “Macros.” You will need to include two requests: one where the CSRF token is defined, and the POST request you want to submit. In the case of WordPress, this is on the user-new.php page.
Click “Configure Item” on the first request with the CSRF token. Click “add” under the “Custom parameter locations in response.” Find the CSRF token and highlight it. Burp will automatically add the start and end values needed for extraction. Go into the other request and configure it as well.
Set all the items to the preset except for the CSRF token, which needs to say, “Derive from prior response.”
Add a new Session Handling Rule. Click add and select “run macro.” Add the macro you created earlier and click the radio button that says, “Update only the following parameters” and put in the value of the parameter that contains the CSRF token.
Take the login page or, in this case, the add user POST request and send it to intruder. Set up the Intruder and attack as if you were doing a password brute force. When you run the attack, the macro will run automatically, as it is defined as a session handling rule, and the CSRF token will be automatically retrieved and placed in that parameter. For a good article discussing this, check out the SecureState blog.
Re-validating Sessions
Sometimes when scanning a web application, the application will automatically invalidate your session if it identifies something suspicious. After your session gets invalidated, Burp continues to scan. This is not good, as we will miss findings because all the responses to Burp Scanner’s payloads won’t contain an actual response, but instead will likely provide a generic redirect to the login form.
To fix this problem, we can add a Session Handling Rule; but first, we need to make a simple macro. Go to the Project Options -> “Sessions” and under “Macros” click “Add.” For the macro item, we just want a copy of the POST request performed when logging in. It will usually look something like this:
Next, we want to add a New Session Handling Rule. Click “Add” Under “Session Handling Rules.”
Under “Rule Actions” click “Add” and select “Check session is valid.”
You will need to identify some condition present when you become logged out. This will vary for each web application. You can look for a string in the response body, such as “logged out,” or you can check for a redirect to the sign-out/sign-in pages.
You need to make sure the “If session is invalid, perform the action below” box is checked. Put “Run a macro” from the drop-down box and select the macro created earlier in the sign-in process.
Lastly, ensure the checkbox “Update current request with cookies from session handling cookie jar” is selected, near the bottom.
Now whenever you become logged out, Burp will see this, re-authenticate, and add the new valid cookies on all subsequent responses.
For a lengthier description of this process, check out the blog from SecureLayer7.
Targeted Scanning
While simple in nature, this trick is super helpful. Most of the time I scan in Burp, I will select items in the site map and just click “Actively Scan this Host” or “Actively Scan this Branch.” While this is great, I don’t always know exactly what is being scanned and if something is being scanned unnecessarily. To scan parameters that I specifically want to target, we can send the request to Burp Intruder. Once in Intruder, we can select the parameter we are interested in and highlight it. If we right click anywhere in the box, we have the option “Actively Scan defined insertion points.”
Now the scanner will focus solely on the parameter we chose. This is a fast way to target the parameters that would be likely candidates to contain a vulnerability.
Finding Hidden Pages
If you have used Burp, you have probably used it to spider a page. Additionally, you can use “Discover Content” by right clicking on something and clicking “Engagement Tools.” Both of these will find content you may not have discovered through manual browsing. Once you have browsed the website thoroughly, click in the contents pane in the center of the page and select everything. Right click and go to “Highlight.” Select any color. Now run either Spider or “Discover Content.” You will see new items added to the Contents pane, though they will not be highlighted. These are items that were newly discovered by either the spider or by “Discover Content.”
SSL Stripping
If the client is missing the Strict-Transport Security header, a demo of an SSL stripping attack may help them understand the risk. Without needing to download SSLstrip, you can simulate this attack in Burp Suite.
You will need to go to the Proxy tab and then click on the Options tab. From there, edit your Proxy listener and click the box that says, “Force use of SSL.”
Down below on the Options page there will be two check boxes that you will need to click, “Covert HTTPS to HTTP” and “Remove secure flag from cookies.”
Now next time you visit the page without specifying the protocol, your browser will display the content over HTTP, and Burp will relay the content over HTTPS.

Up ↑