anotherhadi/blog
1
Fork 0
mirror of https://github.com/anotherhadi/blog.git synced 2026-05-20 05:32:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

edit notes

Browse Source 
Signed-off-by: Hadi <hadi@example.com>
This commit is contained in:
Hadi
2026-04-29 16:33:11 +02:00
parent 3b17b01d86
commit d2424e0a17
6 changed files with 297 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/content/notes/network/ftp.md
+62
View File
@@ -0,0 +1,62 @@
---
title: "FTP"
description: "Enumeration, exploitation and post-exploitation techniques for FTP servers."
tags: ["ftp", "network", "service"]
publishDate: 2026-04-29
---
## Overview
FTP runs on **port 21** (control) and uses a secondary data channel (port 20 for active, ephemeral port for passive).
Common implementations: vsftpd, ProFTPD, Pure-FTPd, FileZilla Server, IIS FTP.
## Enumeration
### Banner grabbing
```bash
nc -nv $IP 21
ftp $IP
```
The banner often reveals the software version: cross-reference with CVE databases.
### Nmap
```bash
nmap -sV -p 21 $IP
nmap -p 21 --script ftp-* $IP
```
Key scripts:
- `ftp-anon`: checks anonymous login
- `ftp-bounce`: tests for FTP bounce attack
- `ftp-brute`: brute-force credentials
- `ftp-syst`: retrieves system info
## Anonymous Login
```bash
ftp $IP
# Username: anonymous
# Password: <empty> or anonymous@
```
If allowed, list and download everything:
```bash
ls -la
mget *
```
Check for writable directories: you may be able to upload a webshell if FTP root overlaps with a web root.
## Brute Force
```bash
hydra -l $user -P /usr/share/wordlists/rockyou.txt ftp://$IP
medusa -h $IP -u $user -P /usr/share/wordlists/rockyou.txt -M ftp
```
Try default credentials first: `admin:admin`, `ftp:ftp`, `user:password`.
src/content/notes/nmap.md
-14
View File
@@ -1,14 +0,0 @@
---
title: "Notes in comming.."
description: ""
tags: []
publishDate: 2026-04-24
---
## Notes
Salut comment ça va ! $test1
```bash
nmap -p $port "$Ip"
```
src/content/notes/osint/bluesky.md
+97
View File
@@ -0,0 +1,97 @@
---
title: "Bluesky"
description: "Enumeration, search operators, API endpoints and tools for investigating Bluesky accounts."
tags: ["osint", "bluesky", "social-media", "enumeration"]
publishDate: 2026-04-29
---
## Key Concepts
Bluesky is built on the **AT Protocol**. Every account has two identifiers:
- **Handle**: `user.bsky.social` or a custom domain (can change)
- **DID**: `did:plc:ewvi7nxzyoun6zhxrhs64oiz` (permanent, survives handle changes)
All public content is accessible **without an account**. Follower/following lists are also public by default.
## Account Enumeration
### Resolve handle → DID
```
https://bsky.social/xrpc/com.atproto.identity.resolveHandle?handle=$HANDLE
```
### Resolve DID → history (all past handles, keys, creation date)
```
https://plc.directory/$DID
```
### Get profile metadata
```
https://public.api.bsky.app/xrpc/app.bsky.actor.getProfile?actor=$HANDLE
```
Returns: DID, display name, description, follower/following count, creation date, avatar URL.
### Followers / following
```
https://public.api.bsky.app/xrpc/app.bsky.graph.getFollowers?actor=$HANDLE&limit=100
https://public.api.bsky.app/xrpc/app.bsky.graph.getFollows?actor=$HANDLE&limit=100
```
Paginate with the `cursor` field from the response.
## Search Operators
Bluesky's full-text search supports these operators (combinable):
| Operator | Example | Effect |
| ----------- | ----------------------------- | ----------------------------- |
| `"..."` | `"exact phrase"` | Exact match |
| `from:` | `from:handle.bsky.social` | Posts by user |
| `mentions:` | `mentions:handle.bsky.social` | Posts mentioning user |
| `since:` | `since:2024-01-01` | After date (UTC, YYYY-MM-DD) |
| `until:` | `until:2024-06-30` | Before date (UTC, YYYY-MM-DD) |
| `lang:` | `lang:fr` | Language (ISO 639-1) |
| `domain:` | `domain:github.com` | Posts linking to domain |
| `#tag` | `#osint` | Hashtag |
#### API equivalent
```
https://public.api.bsky.app/xrpc/app.bsky.feed.searchPosts?q={QUERY}&author={HANDLE}&since=2024-01-01&until=2024-12-31&lang=en&limit=25
```
## Google Dorks
Bluesky is heavily indexed by Google. Useful for finding profiles and posts without touching the platform:
```
site:bsky.app "$TARGET_NAME"
site:bsky.app "$TARGET_NAME" inurl:profile
site:bsky.app "$KEYWORD" since:2024-01-01
```
## Tools
### BlueSkyNet
Web app for searching and exporting Bluesky data to CSV. Wraps the public API with a UI for advanced search filters.
- [github.com/jakecreps/blueskynet](https://github.com/jakecreps/blueskynet)
### ClearSky
Shows block lists, blocking history, and who blocked a given account. Useful for mapping relationships and adversarial clusters.
- [clearsky.app](https://clearsky.app)
### plc.directory
Official DID PLC directory. Lookup a DID to get full account history: creation date, all past handles, key rotations.
- [plc.directory](https://plc.directory)
src/content/notes/osint/twitter-x.md
+138
View File
@@ -0,0 +1,138 @@
---
title: "X / Twitter"
description: "Enumeration, search operators, deleted content recovery and tools for investigating X accounts."
tags: ["osint", "twitter", "x", "social-media", "enumeration"]
publishDate: 2026-04-29
---
## Key Concepts
Every account has two identifiers:
- **Handle**: `@username` (can change)
- **User ID**: numeric, permanent (survives handle changes and suspensions)
Unlike [Bluesky](/notes/osint/bluesky), X now requires a login to browse most content in the browser. The free API tier (v2) is severely limited. Most open-source scraping tools that bypassed the API (Twint, snscrape, GetOldTweets3) are broken since the 2023 API lockdown.
## Account Enumeration
### Handle to User ID
The user ID stays constant when someone changes their handle or gets suspended. Several web tools resolve it:
- [tweeterid.com](https://tweeterid.com/)
- [commentpicker.com/twitter-id.php](https://commentpicker.com/twitter-id.php)
Or via the profile page source: look for `"id_str"` in the page JSON.
### Banner last update time
The profile banner URL contains a Unix timestamp indicating when the banner was last changed:
```
https://pbs.twimg.com/profile_banners/{user_id}/{unix_timestamp}/600x200
```
Right-click the banner image and copy the URL, or inspect the page source. Convert the timestamp at [unixtimestamp.com](https://www.unixtimestamp.com/).
### Timestamp from ID (Snowflake)
Twitter IDs are Snowflake IDs: the numeric value encodes the exact creation time of a tweet or account. Extract it with:
```python
tweet_id = 1234567890123456789
timestamp_ms = (tweet_id >> 22) + 1288834974657
```
`1288834974657` is Twitter's custom epoch (Nov 4, 2010). Works on both tweet IDs and user IDs — useful to confirm account creation date without needing profile metadata.
Several online converters exist if you don't want to do it manually — search "snowflake id decoder".
### Direct profile URL by ID
Old tweet/profile URLs using numeric IDs still resolve even after handle changes:
```
https://x.com/i/user/$USER_ID
```
## Search Operators
Accessible at `x.com/search`. Operators are combinable.
| Operator | Example | Effect |
| ----------------- | -------------------------- | ------------------------ |
| `"..."` | `"exact phrase"` | Exact match |
| `from:` | `from:handle` | Posts by user |
| `to:` | `to:handle` | Posts directed at user |
| `since:` | `since:2024-01-01` | After date (YYYY-MM-DD) |
| `until:` | `until:2024-06-30` | Before date (YYYY-MM-DD) |
| `lang:` | `lang:fr` | Language (ISO 639-1) |
| `near:` | `near:"Paris" within:10km` | Geo (web only, not API) |
| `geocode:` | `geocode:48.85,2.35,5km` | Geo by coordinates |
| `filter:images` | | Posts with images |
| `filter:videos` | | Posts with videos |
| `filter:links` | | Posts with URLs |
| `filter:verified` | | Verified accounts only |
| `-filter:replies` | | Exclude replies |
| `min_retweets:` | `min_retweets:100` | Engagement threshold |
| `min_faves:` | `min_faves:500` | Engagement threshold |
| `#tag` | `#osint` | Hashtag |
| `-term` | `-spam` | Exclude term |
Boolean: spaces imply AND, use uppercase `OR` for alternatives, parentheses for grouping.
#### Direct search URL
```
https://x.com/search?q=from%3A$HANDLE+since%3A2024-01-01&f=live
```
`f=live` returns chronological results instead of relevance-ranked.
## Google Dorks
```
site:x.com "$TARGET"
site:twitter.com "$TARGET"
site:x.com/i/status "$KEYWORD"
"twitter.com/$HANDLE" OR "x.com/$HANDLE"
```
Old `twitter.com` URLs are still indexed separately from `x.com`, search both.
## Deleted and Archived Content
### Wayback Machine
```
https://web.archive.org/web/*/twitter.com/$HANDLE/status/*
https://web.archive.org/web/*/x.com/$HANDLE/status/*
```
Manually browse snapshots, or use [waybacktweets](https://github.com/claromes/waybacktweets) to batch-retrieve CDX data:
```bash
pip install waybacktweets
waybacktweets $HANDLE
```
Outputs CSV/JSON with archived tweet URLs. Useful for deleted posts and suspended accounts.
### Twayback
Web tool wrapping the same Wayback CDX API with a UI:
```
https://twayback.space/
```
Note: only works if the tweet was crawled before deletion.
### Profile history
The Wayback Machine also archives profile pages: past bios, display names, profile photos, header images. Check snapshots at:
```
https://web.archive.org/web/*/twitter.com/$HANDLE
```
src/content/notes/test2.md
-14
View File
@@ -1,14 +0,0 @@
---
title: "test2"
description: ""
tags: []
publishDate: 2026-04-24
---
## Notes
Salut comment ça va ! $test1
```bash
nmap -p $test2 "$test3$test4"
```
src/content/notes/test3.md
-14
View File
@@ -1,14 +0,0 @@
---
title: "Bla blablalbal ae aetnaekjta ektae ktklaaek ljbtaekjb taekbt akejbt"
description: "lorem est seot nopsejt soejtosehtose ose toiseht jophs etosh etoshte osehtosht oshe topsh etopshiospehitopsehti."
tags: ["test", "test1", "test2"]
publishDate: 2026-04-24
---
## Notes
Salut comment ça va ! $test1
```bash
nmap -p $port "$Ip"
```