anotherhadi/blog
1
Fork 0
mirror of https://github.com/anotherhadi/blog.git synced 2026-05-20 13:32:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: anotherhadi/blog:a74f6b91d4d8ef85257f7051dcad05671e2b60e1
Branches Tags
anotherhadi/blog:main anotherhadi/blog:dependabot/npm_and_yarn/astro-6.1.10
anotherhadi/blog:v1.0.0
..
compare: anotherhadi/blog:99890dd1ef5179270f41a931ae9df44cae5ba102
Branches Tags
anotherhadi/blog:dependabot/npm_and_yarn/astro-6.1.10 anotherhadi/blog:main
anotherhadi/blog:v1.0.0

8 Commits
a74f6b91d4 .. 99890dd1ef

Author SHA1 Message Date
Hadi 99890dd1ef Add crt.sh 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-04 16:03:15 +02:00
Hadi db42928299 Add Google cache & VirusTotal 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-04 16:03:12 +02:00
Hadi 73b668b204 Change link-cards height 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-04 15:19:20 +02:00
Hadi c314445219 Init RDP 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-04 14:17:54 +02:00
Hadi b4b755b608 Init ssh 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-04 14:15:59 +02:00
Hadi 3e60ae5a35 Change wordlists paths 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-04 14:11:38 +02:00
Hadi 4f64ccf706 Init telnet 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-04 14:11:03 +02:00
Hadi d6d410a2fa Add notes & card styling 
Signed-off-by: Hadi <hadi@example.com>
 2026-05-04 14:03:48 +02:00
11 changed files with 431 additions and 5 deletions
Expand all files Collapse all files
src/components/NoteGraph.svelte
+1
View File
@@ -269,6 +269,7 @@
});
</script>
<!-- svelte-ignore a11y_no_interactive_element_to_noninteractive_role -->
<canvas
bind:this={canvas}
height="190"
src/components/NoteVars.svelte
+4 -2
View File
@@ -1,5 +1,5 @@
<script lang="ts">
import { onMount } from "svelte";
import { onMount, untrack } from "svelte";
interface Props {
vars: string[];
@@ -8,7 +8,7 @@
const { vars }: Props = $props();
let values = $state<Record<string, string>>(
Object.fromEntries(vars.map((v) => [v, ""])),
untrack(() => Object.fromEntries(vars.map((v) => [v, ""]))),
);
let open = $state(false);
let applied = $state(false);
@@ -71,12 +71,14 @@
{#each vars as v}
<div class="flex items-center gap-3">
<label
for={`var-${v}`}
class="font-mono text-xs text-primary/70 w-36 shrink-0 truncate"
title={`$${v}`}
>
${v}
</label>
<input
id={`var-${v}`}
type="text"
bind:value={values[v]}
placeholder={`$${v}`}
src/content/notes/network/ftp.md
+2 -2
View File
@@ -55,8 +55,8 @@ Check for writable directories: you may be able to upload a webshell if FTP root
## Brute Force
```bash
hydra -l $user -P /usr/share/wordlists/rockyou.txt ftp://$IP
medusa -h $IP -u $user -P /usr/share/wordlists/rockyou.txt -M ftp
hydra -l $user -P ~/wordlists/rockyou.txt ftp://$IP
medusa -h $IP -u $user -P ~/wordlists/rockyou.txt -M ftp
```
Try default credentials first: `admin:admin`, `ftp:ftp`, `user:password`.
src/content/notes/network/rdp.md
+46
View File
@@ -0,0 +1,46 @@
---
title: "RDP"
description: "Enumeration, exploitation and post-exploitation techniques for RDP servers."
tags: ["rdp", "network", "service"]
publishDate: 2026-05-04
---
## Overview
RDP (Remote Desktop Protocol) runs on **port 3389** and provides a graphical remote session.
Common on Windows servers and workstations.
## Enumeration
### Banner grabbing
```bash
nmap -sV -p 3389 $IP
nmap -p 3389 --script rdp-* $IP
```
Key scripts:
- `rdp-enum-encryption`: checks encryption level
- `rdp-vuln-ms12-020`: tests for MS12-020 DoS vulnerability
## Connect
```bash
xfreerdp /u:$user /p:$password /v:$IP
xfreerdp /u:$user /p:$password /v:$IP /cert:ignore
rdesktop $IP
```
Pass the hash directly (no plaintext password needed):
```bash
xfreerdp /u:$user /pth:$hash /v:$IP
```
## Brute Force
```bash
hydra -l $user -P ~/wordlists/rockyou.txt rdp://$IP
crowbar -b rdp -s $IP/32 -u $user -C ~/wordlists/rockyou.txt
```
src/content/notes/network/ssh.md
+75
View File
@@ -0,0 +1,75 @@
---
title: "SSH"
description: "Enumeration, exploitation and post-exploitation techniques for SSH servers."
tags: ["ssh", "network", "service"]
publishDate: 2026-05-04
---
## Overview
SSH runs on **port 22** and provides an encrypted remote shell.
Common implementations: OpenSSH, Dropbear, Bitvise.
## Enumeration
### Banner grabbing
```bash
nc -nv $IP 22
ssh $IP
```
The banner reveals the software and version (e.g. `OpenSSH_9.2`).
### Nmap
```bash
nmap -sV -p 22 $IP
nmap -p 22 --script ssh-* $IP
```
Key scripts:
- `ssh-hostkey`: retrieves the server's public key
- `ssh-auth-methods`: lists accepted authentication methods
- `ssh-brute`: brute-force credentials
## Connect
```bash
ssh $user@$IP
ssh -p 2222 $user@$IP
ssh -i id_rsa $user@$IP
```
## Brute Force
```bash
hydra -l $user -P ~/wordlists/rockyou.txt ssh://$IP
medusa -h $IP -u $user -P ~/wordlists/rockyou.txt -M ssh
```
Only viable if password auth is enabled. Check with:
```bash
ssh -v $user@$IP
```
Look for `publickey,password` in the output.
## Key-Based Auth
If you find a private key (`id_rsa`), set permissions and connect:
```bash
chmod 600 id_rsa
ssh -i id_rsa $user@$IP
```
If the key is encrypted, crack the passphrase:
```bash
ssh2john id_rsa > hash.txt
john hash.txt --wordlist=~/wordlists/rockyou.txt
hashcat -m 22921 hash.txt ~/wordlists/rockyou.txt
```
src/content/notes/network/telnet.md
+52
View File
@@ -0,0 +1,52 @@
---
title: "Telnet"
description: "Enumeration, exploitation and post-exploitation techniques for Telnet servers."
tags: ["telnet", "network", "service"]
publishDate: 2026-05-04
---
## Overview
Telnet runs on **port 23** and transmits all data (including credentials) in **cleartext**.
Common on embedded devices, legacy systems, routers, and IoT equipment.
## Enumeration
### Banner grabbing
```bash
nc -nv $IP 23
telnet $IP
```
The banner often reveals the OS, hostname, or device type.
### Nmap
```bash
nmap -sV -p 23 $IP
nmap -p 23 --script telnet-* $IP
```
Key scripts:
- `telnet-ntlm-info`: extracts NTLM info (Windows targets)
- `telnet-brute`: brute-force credentials
## Connect
```bash
telnet $IP
telnet $IP 23
```
Login with `user` / `password`. Session is fully interactive once authenticated.
## Brute Force
```bash
hydra -l $user -P ~/wordlists/rockyou.txt telnet://$IP
medusa -h $IP -u $user -P ~/wordlists/rockyou.txt -M telnet
```
Try default credentials first. Routers and embedded devices commonly ship with `admin:admin`, `root:root`, or blank passwords.
src/content/notes/osint/information-gathering.md
+69
View File
@@ -0,0 +1,69 @@
---
title: "Information Gathering"
description: "Essential cybersecurity cheatsheet for Information Gathering and Open Source Intelligence (OSINT). Discover data related to emails, domains, usernames, and images using both command line and online tools."
tags: ["osint", "enumeration", "information-gathering"]
publishDate: 2026-05-03
---
**Information Gathering**, often referred to as **Open Source Intelligence (OSINT)** in the context of ethical hacking, is the systematic collection and analysis of publicly available data about a target, providing the foundational knowledge necessary to identify potential vulnerabilities and craft targeted security assessments.
## Command line tools
| **From** | **Use** |
| --------- | ----------------------------------------------------------------------------------------------- |
| Email | `holehe $email` |
| | `ghunt email $email` (for google account) |
| | `github-recon $email` ([link](http://github.com/anotherhadi/github-recon/), for github account) |
| Domain | `theHarvester -d $domain -l 100` |
| | `theHarvester -d $domain -l 100 -b all` (full) |
| Username | `sherlock $username` |
| Image | `exiftool $imagePath` |
| Instagram | `instaloader profile $username` |
| Github | `trufflehog github --org=$usernameOrOrg` |
| | `github-recon $username` ([link](http://github.com/anotherhadi/github-recon/)) |
## Online tools
| **For** | **Use** |
| ---------- | ------------------------------------------------------ |
| Visualiser | [OSINTracker](https://www.osintracker.com/) |
| IP | [Shodan](https://www.shodan.io/) |
| | [Censys](https://search.censys.io/) |
| Domain | [Whois](https://www.whois.com/whois/) |
| | [crt.sh](https://crt.sh/) (certificate transparency) |
| Name | [Webmii](https://webmii.com/) |
| | [BreachDirectory](https://breachdirectory.org/) |
| | [LeakLookup](https://leak-lookup.com/search) |
| | [IntelX](https://intelx.io/) |
| | [Genealogic.review](https://genealogic.review/) |
| SSID | [Wigle](https://wigle.net/) |
| Image | [PimEyes (faces)](https://pimeyes.com/) |
| | [Lenso (faces)](https://lenso.ai) |
| | [TinEye](https://tineye.com) |
| | [Pic2Map (exif geolocation)](https://www.pic2map.com/) |
| Username | [DeHashed](https://dehashed.com/search) |
| | [BreachDirectory](https://breachdirectory.org/) |
| | [IntelX](https://intelx.io/) |
| | [LeakLookup](https://leak-lookup.com/search) |
| | [Oathnet](https://oathnet.org/) |
| Email | [DeHashed](https://dehashed.com/search) |
| | [Hunter](https://hunter.io/) |
| | [HaveIBeenPwned](https://haveibeenpwned.com/) |
| | [BreachDirectory](https://breachdirectory.org/) |
| | [LeakLookup](https://leak-lookup.com/search) |
| | [IntelX](https://intelx.io/) |
| | [Oathnet](https://oathnet.org/) |
| Phone | [Epieos](https://epieos.com/) |
| Instagram | [Dumpor](https://dumpor.io/) |
| Misc | [Goosint](https://goosint.com/) |
| | [OSINT Framework](https://osintframework.com/) |
| | [OSINT Dojo](https://osintdojo.com/) |
## OSINT Aggregation Tool
<a href="https://iknowyou.hadi.icu" class="link-card not-prose" target="_blank">
<span>
<h4>IKnowYou</h4>
<p>Self-hosted OSINT aggregation platform: Run dozens of open-source intelligence tools against a single target in parallel; all from one clean web interface.</p>
</span>
</a>
src/content/notes/osint/sock-puppets.md
+83
View File
@@ -0,0 +1,83 @@
---
title: "Sock Puppets"
description: "Essential cheatsheet on creating and managing Sock Puppets (fake identities) for ethical security research and Open Source Intelligence (OSINT), focusing on maintaining separation from personal data and bypassing common verification."
tags: ["osint", "sock-puppets"]
publishDate: 2026-05-03
---
Sock puppets are fake identities use to gather information from a target.
The sock puppet should have no link between your personal information and the fakes ones. (No ip address, mail, follow, etc..)
## Information generation
<a href="https://fakerjs.dev" class="link-card not-prose" target="_blank">
<span>
<h4>Faker</h4>
<p>Generate massive amounts of fake data</p>
</span>
</a>
<a href="https://fakenamegenerator.com/" class="link-card not-prose" target="_blank">
<span>
<h4>Fake Name</h4>
<p>Personal informations</p>
</span>
</a>
<a href="https://www.thispersondoesnotexist.com/" class="link-card not-prose" target="_blank">
<span>
<h4>This Person Does Not Exist</h4>
<p>Generate fake image</p>
</span>
</a>
## Bypass phone verification
<a href="https://www.smspool.net/" class="link-card not-prose" target="_blank">
<span>
<h4>SMSPool</h4>
<p>Cheapest and Fastest Online SMS verification</p>
</span>
</a>
<a href="https://receive-sms-online.info" class="link-card not-prose" target="_blank">
<span>
<h4>Receive Sms Online</h4>
<p>Free SMS verification</p>
</span>
</a>
<a href="https://receivefreesms.net" class="link-card not-prose" target="_blank">
<span>
<h4>Receive Free Sms</h4>
<p>Free SMS verification</p>
</span>
</a>
<a href="https://receive-smss.com" class="link-card not-prose" target="_blank">
<span>
<h4>Receive Free Sms</h4>
<p>Free SMS verification</p>
</span>
</a>
<a href="https://onlinesim.io/" class="link-card not-prose" target="_blank">
<span>
<h4>Online Sim</h4>
<p>SMS verification with free tier</p>
</span>
</a>
<a href="https://sms4stats.com/" class="link-card not-prose" target="_blank">
<span>
<h4>Sms 4 Sats</h4>
<p>Paid SMS verification</p>
</span>
</a>
<a href="http://sms4sat6y7lkq4vscloomatwyj33cfeddukkvujo2hkdqtmyi465spid.onion" class="link-card not-prose" target="_blank">
<span>
<h4>Sms 4 Sats (Onion)</h4>
<p>Paid SMS verification. Tor version</p>
</span>
</a>
src/content/notes/osint/tips.md
+42
View File
@@ -0,0 +1,42 @@
---
title: "Tips"
description: "A cheatsheet of practical tips and unconventional methods for Open Source Intelligence (OSINT), focusing on advanced data visualization, information leakage detection, and utilizing web archives for historical data."
tags: ["osint"]
publishDate: 2026-05-03
---
## Visualisation
Use [OSINTracker](https://app.osintracker.com/) to visualise your findings.
It allows you to create a graph of your findings, which can help you see connections and relationships between different pieces of information.
## Forgotten passwords
To find email addresses and phone numbers associated with an account, you can click on "Forgot password?" on the login page of a website. Be careful, though, this creates notifications and can be detected by the target, and often gives your information away.
## Archive Search
- [Wayback Machine](https://web.archive.org) stores over 618 billion web captures
- [Archive.ph](https://archive.ph) creates on-demand snapshots, including for JS-heavy sites, with both a functional page and screenshot version
## Google Cache
Google keeps a cached version of most indexed pages. Access it with the `cache:` operator:
```
cache:example.com
cache:example.com/page
```
If the page has been taken down or modified, the cached version may still show the original content.
## Domain History
[VirusTotal](https://www.virustotal.com) shows the historical DNS records, subdomains, and associated IPs for any domain — useful when a site has moved or been taken down.
[ViewDNS.info](https://viewdns.info) covers WHOIS history, reverse IP, reverse MX, and port scans from a single interface.
## Bookmarklets
- [K2SOsint/Bookmarklets](https://github.com/K2SOsint/Bookmarklets)
- [tools.myosint.training](https://tools.myosint.training/)
src/pages/notes/[...slug].astro
+3 -1
View File
@@ -242,7 +242,9 @@ const headings = extractHeadings(entry.body ?? "");
const s = document.createElement("style");
s.id = "heading-anchor-styles";
s.textContent = `
.note-content h2, .note-content h3, .note-content h4 {
.note-content h2:not(.link-card h2),
.note-content h3:not(.link-card h3),
.note-content h4:not(.link-card h4) {
display: flex !important;
align-items: center;
flex-wrap: wrap;
src/styles/global.css
+54
View File
@@ -39,3 +39,57 @@
.btn:not(.btn-circle):not(.btn-square) {
@apply rounded-lg;
}
@layer components {
.link-card {
display: flex;
align-items: center;
padding: 0 0.875rem;
border-radius: var(--radius-box);
border: 1px solid oklch(24% 0 0);
background: transparent;
color: var(--color-base-content);
text-decoration: none !important;
transition: background 0.15s ease, border-color 0.15s ease;
margin-block: 0.25rem;
}
.link-card::after {
content: "↗";
margin-left: auto;
padding-left: 0.75rem;
opacity: 0;
color: var(--color-primary);
font-size: 0.75rem;
transition: opacity 0.15s ease, transform 0.15s ease;
transform: translate(-4px, 4px);
flex-shrink: 0;
}
.link-card:hover {
background: var(--color-base-200);
border-color: var(--color-primary);
}
.link-card:hover::after {
opacity: 1;
transform: translate(0, 0);
}
.link-card span {
display: flex;
flex-direction: column;
}
.link-card h4 {
font-size: 0.85rem;
font-weight: 600;
margin: 0;
line-height: 1;
transition: color 0.15s ease;
}
.link-card:hover h4 {
color: var(--color-primary);
}
.link-card p {
font-size: 0.75rem;
margin: 0;
line-height: 1;
color: oklch(52% 0 0);
}
}