
Tag: Hacking

HowTo Hack S3

# What is S3?

## Abstract

S3 (Amazon Simple Storage Service) is object storage. You can think of it as cloud storage designed for storing and retrieving large files, e.g. backups, archives, big data analytics, content distribution, and static website content.

S3 can be self-hosted (but you probably shouldn’t do it). Otherwise, a company will probably use Amazon’s S3 or one of these providers:

  • DigitalOcean
  • DreamHost
  • GCP
  • Linode
  • Scaleway

S3 has “buckets”: containers/folders for files.

HowTo customize wordlist

# General wordlist manipulation

https://github.com/glitchedgitz/cook
“A wordlist framework to fullfill your kinks with your wordlists.”

“An overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need.”

It can do anything (except targeted wordlist creation).

## Dedupe

https://github.com/nil0x42/duplicut
“Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)”

HowTo create wordlist

# Using info on person

Simple, with an interactive mode (and the newest): https://github.com/r3nt0n/bopscrk

# When person probably uses passphrase

https://github.com/initstring/passphrase-wordlist

# There are also:

  • https://github.com/Mebus/cupp - last update 2020
  • https://github.com/LandGrey/pydictor - last update 2017
  • https://github.com/sc0tfree/mentalist - last update 2017 - GUI with support for generating rules for hashcat and John?

ListOf wordlists

# Web

Rockyou for web dirs - six2dez/OneListForAll. It has:

  • micro - 26K lines - “manually crafted wordlist for low hanging fruits”
  • short - 900K lines - a short version, it also contains a lot of things, but in a more affordable way

Special paths (LFI, juicy APIs, misconfigurations, etc.) - ayoubfathi/leaky-paths

Platform-specific (Drupal, WordPress…) - trickest/wordlists

Common sensitive points - RobotsDisallowed

A lot of stuff - SecLists

# Passes

## The most used passwords

Combination of all wordlists, with a count of how many times each password is used - berzerk0/Probable-Wordlists

HowTo learn hacking

It’s my personal hacking learning strategy:

  • Superficially recognize how it is done - you need to find familiar concepts
  • Read the OWASP Top-10 for it
  • PRACTICE! Try to find a lab for this task (PortSwigger)
  • Gather testing methodology from various sources
  • Get a list of hacking tools
  • Based on the methodology, create your own pentest checklist
  • Find checklists for this topic online and combine them with your own if needed
  • PRACTICE! (TryHackMe, HackTheBox, PortSwigger…)
  • Fill the knowledge gaps
  • Extra: Read books and articles to deepen your knowledge base

Sources
  • Random YouTube videos
  • My Experience