updated

Author: hdks-bug

.github/workflows/docs.yml

@@ -0,0 +1,29 @@
+name: Exploit Notes
+on:
+  push:
+    branches:
+      - master
+      - main
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+jobs:
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/configure-pages@v5
+      - uses: actions/checkout@v5
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.x
+      - run: pip install zensical
+      - run: zensical build --clean
+      - uses: actions/upload-pages-artifact@v4
+        with:
+          path: site
+      - uses: actions/deploy-pages@v4
+        id: deployment

.gitignore

@@ -0,0 +1,4 @@
+/.cache/
+/.venv/
+
+/site/

docs/CNAME

@@ -0,0 +1 @@
+exploit-notes.hdks.org

docs/about/disclaimer.md

@@ -0,0 +1,10 @@
+# Disclaimer
+
+Exploit Notes are only for educational purpose or penetration testing, not attacking servers that you're not authorized.  
+This site will not take any responsibility even if you attack the server illegally or cause damage unintentionally.  
+Please use the contents at your own risk.  
+
+The contents are not original, but based on the information on the internet, the author actually tried and functioned.  
+Although the author strives to post the latest information on the content of this site as much as possible, there is no guarantee that it will always be new.  
+
+I'm not a security expert, just an enthusiast, so the contents written are not necessarily accurate.

docs/about/privacy-policy.md

@@ -0,0 +1,39 @@
+# Privacy Policy
+
+Last updated: July 30, 2023
+
+This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.  
+We use Your Personal data to provide and improve the Service.  
+By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.  
+This Privacy Policy has been created with the help of the [Privacy Policy Generator](https://www.termsfeed.com/privacy-policy-generator/).  
+
+## Usage Data
+
+Usage Data is collected automatically when using the Service.  
+
+Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.  
+
+When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.  
+
+We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.  
+        
+## Tracking Technologies and Cookies
+
+We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information.  
+Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.  
+The technologies We use may include:
+
+- Cookies or Browser Cookies
+
+    A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
+
+## Changes to this Privacy Policy
+
+We may update Our Privacy Policy from time to time.  
+You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.  
+
+## Contact Me
+
+If you have any questions about this Privacy Policy, You can contact me:  
+
+email: hdks.bug@gmail.com

docs/assets/images/favicon.ico

@@ -0,0 +1,31 @@
+# 7z Password Cracking
+
+If a 7z file is protected with password, we can crack the password.
+
+## Crack
+
+### 1. Convert to Hash
+
+First we need to convert the `.7z` file to hash.
+
+```sh
+7z2john example.7z > hash.txt
+# or
+/usr/share/john/7z2john.pl example.7z > hash.txt
+```
+
+If we got the error “`Can't locate Compress/Raw/Lzma.pm in @INC`...”, we need to install `libcompress-raw-lzma-perl` package so try:
+
+```bash
+sudo apt install libcompress-raw-lzma-perl
+```
+
+### 2. Crack the Hash
+
+Now we can crack the hash with one of the commands below:
+
+```sh
+john --wordlist=wordlist.txt hash.txt
+# or
+hashcat -m 11600 hash.txt wordlist.txt
+```

docs/assets/images/logo.png

@@ -0,0 +1,17 @@
+RAR (Roshal Archive)
+
+RAR is a proprietary archive file format that supports data compression, error correction and file spanning.
+
+## Decrypt
+
+First of all, you need to format the RAR file to make the John to recognize it.
+
+```sh
+rar2john example.rar > hash.txt
+```
+
+Crack the password using the formatted text.
+
+```sh
+john --wordlist=wordlist.txt hash.txt
+```

docs/exploit/archives/7z-password-cracking.md

@@ -0,0 +1,31 @@
+# Tar
+
+Tar command is a utility that is used to create, manipulate, and extract archived files. "tar" stands for "tape archive".
+
+## Archive Files
+
+```sh
+# -c: Create a new archive
+# -f: Use archive file
+tar -cf archive.tar example.txt
+tar -cf archive.tar example1.txt example2.txt
+# -z: filter the archive through gzip
+tar -zcf example.tar.gz example/
+```
+
+## Extract Files
+
+```sh
+# -x: Extract files from an archive
+# -f: Use archive file
+tar -xf archive.tar
+tar -xf archive.tar.gz
+# output given directory
+tar -xf archive.tar --directory archived
+```
+
+## Display Contents without Extracting
+
+```sh
+tar -tf archive.tar
+```