GET and POST methods are not the same

The more compact and summarized differences cab be seen on the picture.


Red-Team

The internet has become an integral part of today’s world.Computers and electronics equipment are increasing at a very fast rate connecting to the internet. With the growing use of the internet, protecting information has become a necessity. A computer that is not having appropriate security controls can be infected with malicious logic and thus any type of information can be accessed in moments which could pose a great threat.

And, The practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is cybersecurity. It’s also known as information technology security or electronic information security. …


Task 1: Deploy the room

Task 2: Compromise the system

Compromise the machine and read the user.txt and root.txt

Scan the machine, how many ports are open?

Now let’s fire up our nmap and scan the target:

nmap IP


Start the machine

Task 1: Capture the flags

Obtain the flag in user.txt :

Since We have an IP, let’s load it into the url and see what it returns


TShark

Task -1: Pre-Reqs

It is pre-installed in latest version of kali linux. If you have older version then you can install it by using “apt-get” command

sudo apt-get install tshark

Task -2: Reading PCAP Files

Read the instructions Carefully and Download the task file

In mine it is named “cap”

To read the file you can just use : “tshark -r cap”

To identify the number of packets in the capture : “tshark -r cap | wc -l

We can also apply filetrs:

to display only a particular type, we can do that as well :

tshark -r cap -Y “dns.qry.type ==1”


SimpleCTF

Start The machine

Task 1 : Simple CTF

How many services are running under port 1000?

A simple nmap scan will show the results


What is Hydra?

Hydra is a pre-installed tool in kali Linux. It is used to brute force an online password. We can use Hydra to run through a list and ‘brute-force some authentication service.

Hydra has the ability to brute-force the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion…


https://unsplash.com/@mbaumi

What are CSV files?

CSV, Known as Comma-separated Value is a plain text file, containing a list of data. Generally used to share datasets. These files are often used for exchanging data between different applications.


  1. Join this room
  2. Click the blue “Start AttackBox” button at the top right of this room. wait for 60 seconds for the IP to appear on the top.

Now you should see like this


Printers can be the pivot point for hacking into the network. There was news not so long ago that almost 50,000 printers were hacked, printing a message to subscribe to a famous YouTuber PewDiePie.

They hackers managed to own the printers through their open The Internet Printing Protocol (IPP). This is a specialized Internet protocol to communicate between client devices (mobile phones, tablets, computers, etc.) and printers (or print servers). It can run locally or over the Internet. …

Bibek Thapa Magar

I’m an electronics and Communication Engineer/ Cybersecurity Enthusiast/ Musician / Photographer / Video Editor

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store