ES6 Rest Operator

The rest operator in JavaScript is used to collect all remaining arguments of a function into a single array. It is represented by three consecutive dots (...) followed by a parameter name. This operator is particularly useful when you have a function that accepts a variable number of arguments.

 
ES6 is different version of the ECMAScript specification. Which is the standard that defines the scripting language that javascript is based on.

ES6 release on 2015 and there are so many features Arrow function, classes, let and const for variables.

Suppose we have a function with some parameter like -

function  sum(a, b) {
    return a+b;
}

sum(2, 6)  // output is 8

But there is some problem because of if user have 2 paramters then we  will enter the value of 2 paramters only But if we use this like below - 

function sum(...args) {
    console.log(args)
}

sum(2, 5, 4, 7)

when we use this type of method we can print all the numbers as a argument value like 2, 5, 4, 7 and also we can add these all numbers.

Actually we have used this code in reactjs called as TheArrow.jsx

Example

import React from 'react'

function TheRest() {

    const therest = ( num1, num2, ...args) => {
       
            console.log(`The number is ${args}`)
            let sum = num1 + num2;
            for(let i = 0; i < args.length; i++) {
                sum +=args[i];
            }
            console.log('The total sum is' , sum);
    }

    therest(2, 3, 4, 5)
  return (
    <div>
    
    <h1>Check console</h1>
    
    
    </div>
  )
}

export default TheRest

Output

Disclaimer

 

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

ES6 Arrow Function

ES6 Gives us a new syntax for defining functions using a fat arrow. Arrow functions bring a lot of clarity & code reduction.

ES6 is different version of the ECMAScript specification. Which is the standard that defines the scripting language that javascript is based on.

ES6 release on 2015 and there are so many features Arrow function, classes, let and const for variables.

Syntax:

function greetings(name) {
    return (' Welcome ' + name)
}

const greetings = (name) => {
    return (`Welcome ${nmae}`)
}

Actually we have used this code in reactjs called as TheArrow.jsx

Example

import React from 'react'

function Thearrowfunc() {

    
    function greetings(name) {
        return ('welcome ' + name);
     }
     
     const myGreeting = (name, age) =>  {
          console.log(`welcome ${name} ${age}`)
     }
      // without curley braces also we can use arrow function 
    console.log(greetings('atul'));
     console.log(myGreeting('atul', 23));
  return (
    

    
    <h1>Check console</h1>
    
  )
}

export default Thearrowfunc

Output

Disclaimer

 

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

Hashcat is a password cracker used to crack password hashes. A hash is a one-way function that takes a word or string of words and turns them into a fixed length of random characters. This is a much more secure method of storing passwords rather than storing them in plain text. It is not reversible.


Hashcat attempts to crack these passwords by guessing a password, hashing it, and then comparing the resulting hash to the one it’s trying to crack.


Hash Analyzer Tunnelsup.com Hash Analyser allows you to stick a hash into there site and will give you there best guess at what the hash is. This was all i used for the Crack the hash challenge and was pretty much spot on until some of the later tasks.


Hash-Identifier can be found pre-installed in Kali Linux and will tell you the possible hashing algorithm for the hash you enter. The Nice thing about this other then it already being installed in kali is that it gives you a few alternatives which can help finding finding the right mode in hashcat.


HashID This is a python based hash identifying tool which needs to be downloaded from there GitHub Repo. The cool thing about this tool is not only does it identify the hashes but also can give you the corresponding hashcat mode as part of the output.


 

hashcat -h | grep sha256
hashcat -h | grep md5
hashcat -h | grep salt
hashcat -h | grep sha
hashcat --help

In this lab, we will create a set of hashes and then use a dictionary to crack these hashes. The first step is to create the hashes. Open a terminal and use the following command to create a new txt document filled with some hashes: 

echo "dc647eb65e6711e155375218212b3964
eb61eead90e3b899c6bcbe27ac581660
958152288f2d2303ae045cffc43a02cd
2c9341ca4cf3d87b9e4eb905d6a3ec45
75b71aa6842e450f12aca00fdf54c51d
031cbcccd3ba6bd4d1556330995b8d08
b5af0b804ff7238bce48adef1e0c213f" > target-hashes.txt

These hashes comprise 7 different password which we will attempt to crack.

The next step is to choose the wordlist we will use for cracking the hashes. We will be using the “rockyou.txt” file. Type the following to locate the file:

locate rockyou.txt

Navigate back to the home directory by typing cd. We are now ready to begin the attack.

We will use the following command to crack the password hashes:

hashcat -m 0 -a 0 -o cracked.txt target-hashes.txt /home/hackerboy/Dcouments/rockyou.txt


Let’s break down each of these options.


# The -m 0 option tells hashcat that we are attempting to crack MD5 hash types
# The -a 0 option tells hashcat we are using a dictionary attack
# The -o cracked.txt option is creating the output file for the cracked passwords
# The target_hashes.txt is the file containing the hashes
# The /home/hackerboy/Dcouments/rockyou.txt is the wordlist we will use for this dictionary attack

 

If you want to more cracking hashes, follow below the article on TryHackMe Cracking Hashes.

Click Here 

Disclaimer

 

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

Information Gathering using theHarvester 

Information gathering is often the first step of any penetration test. theHarvester is a very powerful OSINT (Open-Source Intelligence Tool) for finding information on a target URL. It searches multiple sites for information about the target URL and displays all the information it finds. It is particularly useful for finding names of people and their email addresses as well as subdomains of the target site.

First of all we will installing  python3-pip, virtualenv.

sudo apt-get install python3-pip
sudo pip3 install virtualenv
virtualenv venv

Then clone the git repo and change the directory:


git clone https://github.com/laramies/theHarvester.git
cd theHarvester

Now, install the requirements 

pip3 install -r requirements.txt

Close this terminal and open a new one. Now, we are ready to use “theHarvester.py” in “kali” user’s home directory. Type:

cd /home/kali/theHarvester/
./theHarvester.py -v

 Now we want to gather information about our target, we can specify the following:

./theHarvester.py -d hackaday.com \ -l 300 -b all


The “-b all” tag will search all search engines available to theHarvester for information regarding hackaday.com. As you can see, it is an extremely useful tool for discovering email addresses, names of people associated with the target, sub-domain names and IP addresses.

 If we wanted to display this information in an easier to read format, we could add the -f tag at the end:

./theHarvester.py -d hackaday.com -l 300 -b all -f hackaday.com.results

 

This will save the information gathered in a HTML file called hackaday.com.results.html” When this file is opened, it provides the information gathered in a layout which is much easier to read.

Disclaimer

 

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

Intercept client-side requests 

Burp Suite, a framework of web application pentesting tools, is widely regarded as the de facto tool to use when performing web app testing. Throughout this room, we'll take a look at the basics of installing and using this tool as well as it's various major components. Reference links to the associated documentation per section have been provided at the bottom of most tasks throughout this room. full tutorial of burp suite

we will learn how to use Burp to intercept browser network traffic.

Once the web browser opens, navigate to the following site:

http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F

 

Once there, go back to Burp and turn ON intercept mode. Then, enter any username and password combination into the site and click “Login”. As you will see, the page will remain in a loading state. This is because Burp has now intercepted the request we sent to the server, and is holding it for us to manipulate.

Now, we will start FoxyProxy in our browser.

Go back to Burp and you will find the intercepted request, along with the username and password data that we entered. To navigate through the different requests Burp is intercepting, simply press the “Forward” button to send the request to the server and view the next request.

Full Tutorial of Burp Suite

  to you by Hacking Truth

Disclaimer

 

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

ARP Poisoning is a protocol that associates a given IP Address with the Link Layer address of the relevant physical machine. Since IPv4 is still the most commonly used internet protocol. ARP generally bridges the gap between 32 bit IPv4 address and 48 bit mac addresses. It works in both direction. ARP Poisoning Attack to defend

ARP is a stateless protocol that is used within a broadcast domain to ensure the communication by resolving the IP address to MAC address maping. The relationship between a given MAC address and its IP address in kept in  a table known as the ARP cache. ARP protocol ensure the binding of IP address and mac address. By borad casting the ARP request with IP addresses, the switch can learn the associated MAC Address information form the reply of the specific host.

In the event that there is a no map or the map is unknown, the source will send a  broadcast to all nodes just the node with a coordinating MAC address for that IP will answer to the demand with the packet that involves the MAC address mapping. The switch will learn the MAC address and its connected port information into its fixed length CAM table.

As shown in the figure, the source generates the ARP query by broadcasting the ARP packet, A node  having the MAC address, the query is destined for will reply only to the packet. The frames  is floaded out all ports (other than the port on which the frame was received). If CAM table entries are full this also happen when the destination MAC Address in the frame is the broadcast address. MAC flooding technique is used to turn a switch into a hub in which switch starts broadcasting each and every packet. In the scenario,  each user can catch the packet even those packets which is not intende.

ARP Code Poisoning

Defend ARP Poisoning Attack

Disclaimer

 

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

All About NTP Enumeration

NTP stands for network time protocol design to synchronise clock of networked computers. NTP can achieve accuracy of 200 million seconds or better in local area networks under ideal condition. NTP can maintain time to within 10 milli seconds ( 1/100 ) over the internet. Ntp based on agent server architecture where agent queries the ntp server and it works on user Dataram Protocol (UDP) and well known Port 123.

NTP Enumeration

An attacker can eliminate the following information by querying NTP server.

1) List of hosts connected to the NTP server.
2) internal client IP addresses, host name and operating systems used.


 

NTP Enumeration Tools

The following table shows the list of tools to perform NTP enumeration.

Name the tools and description/wab links

1) NTP Trace

Query to determine from the NTP server update its time and tresses the chain of the NTP server from a sources.


2) ntpdc

Where is the ntp deamon about its current state and to request changes in the state.


3) ntpq

Monitor NTP daemon ntpd operations and determine performance.


4) Cisco ntpd packet tracer download

https://www.computernetworkingnotes.com/ccna-study-guide/download-packet-tracer-for-windows-and-linux.html

NTP Security Controls

The following are the security controls to prevent ntp enumeration attack.


# restrict the uses of NTP and enable the use of NTPsec where possible.

# filter and the traffic with IPtables.

# enable logging for the messages and events.

Disclaimer

 

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.