-
Notifications
You must be signed in to change notification settings - Fork 529
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ftp info sheet, and some useful lists
- Loading branch information
1 parent
fb7df34
commit 79830a0
Showing
3 changed files
with
51 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| #ftp client commands | ||
| binary - set binary transfer type | ||
| cd - change remote working directory | ||
| lcd - change local working directory | ||
| get - recieve file | ||
| mget - get multiple files | ||
| passive - enter passive transfer mode | ||
| ls - list contents of remote directory | ||
|
|
||
| #Traditional ports, though they can be dynmically assigned | ||
| Port 21 - control commands | ||
| Port 20 - data transfer | ||
|
|
||
| #Active mode | ||
| Client initiates control session on port 21 and leaves port 20 open for the server to send data, and the server initiates the connection for port 20. | ||
| ***If client is behind a firewall, or NAT, then the sever might not be able to connect to send data. | ||
|
|
||
| #Passive mode | ||
| Server gives teh client a port to initiate a connection to for data transfer. | ||
| ***Most commonly used by browsers, ect. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| #Sample Files | ||
| Since web servers are hard to make from the ground up, sample files are often in the distributions, and the knowledge of these sample files can provide openings. | ||
|
|
||
| #Source Code Disclosure | ||
| Allowing the source code to be viewed can make holes an files accessible if they can can be found referenced in the code. | ||
|
|
||
| #Canonicalization | ||
| Errors usually occur when the web server fails to fully carry out the law (that the root word for any URL/filename would be the same if it is for the same resource), and thus the web server will fail to recognize that a URL is associated with a file it addresses. | ||
|
|
||
| #Input Validation | ||
| Classic hacking technique, but it can lead to buffer overflows, integer errors, and heap exploits. | ||
|
|
||
| #Denial of Service | ||
| Attempting to waste server time to get a denial. For example, one can identify many strings that hash to the same location in an environment with a naive programming language hash table implementation. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| #Wired Equivalent Privacy (WEP) | ||
| RC4 stream cipher w/ CRC32 for integrity check | ||
| -->Crack: | ||
| by sniffing an ARP packet, then replaying it to get many encrypted replies with different IVs | ||
| -->Avoidance: | ||
| Use WPA2 | ||
|
|
||
| #Wifi Protected Access (WPA) | ||
| Temporal Key Integrity Protocol (TKIP) Message Integrity Check | ||
| -->Crack: | ||
| Uses a four way handshake, and if that handshake can be captured, then a dictionary attack ban be mounted to find the Pairwise Master Key for the Access Point and client Station | ||
| -->Avoidance: | ||
| Use long-keys | ||
|
|
||
| #WPA2 | ||
| Advanced Encryption Standard (AES) | ||
| -->crack and avoidance the same was WPA |