Here are some keywords I’ve come across when studying information security topics.
CVSS
I refer to CVSS v3.1 here.
Environmental metric group
This group adjusts the score for a particular user's environment. It matters for organizations with specific confidentiality, integrity, and availability (CIA) needs.
By default, each CIA requirement is treated as medium. An organization can lower or raise any of the confidentiality, integrity, or availability requirement metrics to low, medium, or high.
Brute-forcing tools
thc-hydra
It worked well for fuzzing basic SMB and HTTP. For better SMB support, you need to compile it with Samba support and use its smb2 module.
It doesn’t work well with HTTP forms that require submitting a hidden field such as a CSRF token. It can only send cookies it has already received.
Links:
Patator
This works well for brute-forcing HTML forms that require you to submit a CSRF token. You can use a flag to instruct it to fetch a separate page and then read out a field from the response. For example, you may get a response like the following:
<input type="hidden" name="csrf-token" value="foobar" />
Patator can then read out foobar and you can refer to it when creating the HTTP POST body.
Links:
John the Ripper
A feature that surprised me a lot in John is the ability to create custom formats using dynamic formats. A specific password hash may use an obscure “hash, then salt, then hash, then add constant”-type method. You can define any such method using John’s domain-specific language (DSL).
I have had tremendous success using this in combination with the d3ad0ne rule to crack leetspeak-like passwords when extracting slightly obscure MD5 password hashes from PostgreSQL. MD5 is dangerous indeed.
Links:
- Website: https://www.openwall.com/john/
- Dynamic format docs: https://github.com/openwall/john/blob/bleeding-jumbo/doc/DYNAMIC
- GitHub: https://github.com/openwall/john
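As an added illustration of what a dynamic format expresses (my own Python, not John's DSL or code; the step names, the recipe lists and the sample inputs are mine), here is a tiny recipe interpreter: a stored hash is described as an ordered list of primitive steps, and the same interpreter handles PostgreSQL's legacy md5 scheme and the “hash, then salt, then hash, then add constant” shape mentioned above:

```python
import hashlib
import hmac

# A "recipe" is an ordered list of primitive steps applied to a working buffer
# that starts out as the password candidate. Step names are constructed for
# this note; they are not John's own function names.
def run_recipe(recipe, password: str, salt: str = "") -> str:
    buf = password
    for step in recipe:
        op, *args = step
        if op == "hash":            # replace buffer with hex digest of buffer
            buf = hashlib.new(args[0], buf.encode()).hexdigest()
        elif op == "append_salt":   # buf = buf . salt
            buf = buf + salt
        elif op == "prepend_salt":  # buf = salt . buf
            buf = salt + buf
        elif op == "append_const":  # buf = buf . constant
            buf = buf + args[0]
        elif op == "prepend_const": # buf = constant . buf
            buf = args[0] + buf
        else:
            raise ValueError(f"unknown step {op!r}")
    return buf


# PostgreSQL's legacy scheme: 'md5' . md5(password . username). The username is
# the only "salt", so it is fixed and public for a given account.
POSTGRES_MD5 = [("append_salt",), ("hash", "md5"), ("prepend_const", "md5")]

# The "hash, then salt, then hash, then add constant" shape from the note above,
# with a made-up trailing version tag.
DOUBLE_MD5 = [("hash", "md5"), ("append_salt",), ("hash", "md5"), ("append_const", "$v1")]


def postgres_md5(password: str, username: str) -> str:
    """Direct implementation of the same scheme, used to cross-check the recipe."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()


def verify(recipe, stored: str, candidate: str, salt: str) -> bool:
    """Constant-time check of one candidate against a stored hash."""
    return hmac.compare_digest(run_recipe(recipe, candidate, salt), stored)


if __name__ == "__main__":
    # Constructed sample input.
    stored = postgres_md5("correct horse", "app")
    print(stored)
    print(run_recipe(POSTGRES_MD5, "correct horse", "app") == stored)  # True
    print(run_recipe(DOUBLE_MD5, "correct horse", "s4lt"))
```

Writing the scheme down as steps is exactly what makes it crackable in a tool like John once the recipe is known: each step is a cheap primitive, and for the PostgreSQL variant the salt is the username, so the same password for the same account always produces the same 35-character string. That determinism, together with a single fast MD5, is what the "MD5 is dangerous" remark above is about.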