Merge pull request hideckies#47 from hideckies/dev

added IPP Pentesting

src/_data/site.yml

@@ -1,8 +1,6 @@
 title: Exploit Notes
 description: Sticky notes for pentesting. Search hacking techniques and tools for penetration testings, bug bounty, CTF. 
-me:
-  name: H1d3k1
-  fullname: H1d3k1 15h1gur0
+author: hdks
 github:
   name: GitHub
   url: https://github.com/hideckies/exploit-notes
@@ -11,10 +9,6 @@ twitter:
   name: Twitter
   url: https://twitter.com/hideckies
   icon: /assets/twitter.png
-mastodon:
-  name: Mastodon
-  url: https://infosec.exchange/@hx15h1gur0
-  icon:
 tags:
   - Active Directory
   - Cloud

src/_includes/layouts/base.njk

@@ -7,6 +7,14 @@
         <meta name="description" content="{{ description or site.description }}">
         <link rel="icon" type="image/x-icon" href="/assets/favicon-32.png">
         <link rel="stylesheet" href="/styles.css">
+
+        <meta name="twitter:card" content="summary_large_image">
+        <meta name="twitter:site" content="@hideckies">
+        <meta name="twitter:creator" content="@hideckies">
+        <meta property="og:url" content="{{ url }}">
+        <meta property="og:title" content="{{ title or site.title }} {% if url != "/" %}| {{ site.title }}{% endif %}">
+        <meta property="og:description" content="{{ description or site.description }}">
+        <meta property="og:image" content="https://exploit-notes.hdks.org/screenshot.png">
     </head>
     <body>
         {% if url != "/" %}
@@ -24,6 +32,7 @@
                 </div>
             </div>
         </header>
+
         <div id="search-drawer-bg"></div>
         {% endif %}
 
@@ -40,7 +49,7 @@
                     </a>
                 </div>
                 <div class="footer-creator">
-                    <span>Created by <a href="https://twitter.com/hideckies" target="_blank" rel="noopener">hdks</a></span>
+                    <span>Created by <a href="https://twitter.com/hideckies" target="_blank" rel="noopener">{{ site.author }}</a></span>
                 </div>
             </div>
         </footer>

src/exploit/Firmware-Analysis.md

@@ -0,0 +1,35 @@
+---
+title: Firmware Analysis
+description: 
+tags:
+    - Reverse Engineering
+refs:
+date: 2022-12-21
+draft: false
+---
+
+## Static Analysis
+
+The following tools are often used for static analysis.
+
+- **[Firmwalker](https://github.com/craigz28/firmwalker)**
+- **[firmware-mod-kit](https://code.google.com/archive/p/firmware-mod-kit/)**
+
+```sh
+# -E: Calculate file entropy
+# -N: Do not generate an entropy plot graph
+binwalk -EN ./firmware
+
+# firmware-mod-kit
+./extract-firmware.sh ./firmware
+```
+
+<br />
+
+## Dynamic Analysis
+
+```sh
+gdb ./firmware
+
+rizin ./firmware
+```

src/exploit/GPG-Cracking.md

@@ -3,6 +3,8 @@ title: GPG Cracking
 description: GNU Privacy Guard (GPG) is a free-software replacement for Symantec's PGP cryptographic software suite.
 tags:
     - Cryptography
+refs:
+date: 2022-12-21
 draft: false
 ---
 
@@ -15,8 +17,8 @@ draft: false
         First of all, you need to format the private key to make the John to recognize it.
 
         ```sh
+        gpg2john private.key > key.txt
         gpg2john private_key.asc > key.txt
-        # or
         gpg2john private_key.sig > key.txt
         ```
 
@@ -37,10 +39,18 @@ draft: false
 2. **Import the Private Key**
 
     ```sh
+    gpg --import private.key
     gpg --import private_key.asc
     gpg --import private_key.sig
     ```
 
+    To list the imported keys,
+
+    ```sh
+    gpg --list-keys
+    gpg --list-secret-keys
+    ```
+
 3. **Decrypt GPG (PGP) using the Passphrase**
 
     At that time, you'll be asked for the passphrase, so enter the passphrase you gotten in the previous section.

src/exploit/Google-Dorks.md

@@ -4,6 +4,9 @@ description: Google Dorks are Google searching techniques.
 tags:
     - OSINT
     - Reconnaissance
+refs:
+    - https://www.exploit-db.com/google-hacking-database
+date: 2022-12-21
 draft: false
 ---
 

src/exploit/IPP-Pentesting.md

@@ -0,0 +1,60 @@
+---
+title: Internet Printing Protocol (IPP) Pentesting
+description: Internet Printing Protocol is a protocol for communicating between client devices and printers. A default port is 631.
+tags:
+    - Printer
+refs:
+    - https://tryhackme.com/room/printerhacking101
+    - http://hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
+date: 2022-12-21
+draft: false
+---
+
+## Access in Web Browser
+
+The CUPS server can be able to access via browser.  
+Try input the following in the URL search form in browser.
+
+```txt
+http://<target-ip>:631
+```
+
+<br />
+
+## Connect
+
+**[The Printer Exploitation Toolkit](https://github.com/RUB-NDS/PRET)** is a tool for printer secure testing. Assume that we use it.  
+Try all three options until the target printer recognized.
+
+```sh
+# ps: PostScript
+python2 pret.py <target-ip>:631 ps
+
+# pjl: Printer Job Language
+python2 pret.py <target-ip>:631 pjl
+
+# pcl: Printer Control Language
+python2 pret.py <target-ip>:631 pcl
+```
+
+<br />
+
+## Commands in PRET Shell
+
+After connecting the target printer, we can test using the following commands.
+
+```sh
+# Print usage
+> ?
+> ? <command>
+```
+
+<br />
+
+## Other Exploits
+
+### Denial of Service (DoS)
+
+```sh
+while true; do nc printer 9100; done
+```

src/exploit/Pivoting.md

@@ -3,6 +3,8 @@ title: Pivoting
 description: Accessing obtained over one machine to exploit another machine deeper in the network.
 tags:
     - Network
+refs:
+date: 2022-12-21
 draft: false
 ---