These are my notes from this excellent course …

Postman Beginner’s Course — API Testing

It is not a replacement for this course, it is just my notes, more written information can be found here:-

https://github.com/vdespa/introduction-to-postman-course

I have used some of the notes from git hub and I used Postman web –

Postman Web link — https://web.postman.co/home

My Notes …

First API request via Postman …

Workspace > Open a new Tab > Past in the API URL > Add “/status” at the end of the URL

Click the “send” button and it will return the status

I am working through some of the rooms to help develop my skills on TryHackMe, below is a walk through for this room https://tryhackme.com/room/basicpentestingjt

Find open services

Use NMAP to find open ports

sudo nmap IP ADDRESS

Look for Hidden directories

To look for hidden directories, we will be using OWASP DirBuster, to start the application in a terminal type: –

sudo dirbuster

/usr/share/dirbuster/wordlist

To find out when a Linux account’s password was last changed, you can view the shadow file in the terminal as root: -

sudo cat /etc/shadow

This will bring up the accounts and hashed passwords in the terminal, the third value is the date the password was changed.

NAME : $6$.n. : 18611

To work out the date the password was changed you need to find out how many days since the epoch date (‘epoch’ is often used as a synonym for Unix time) January 1, 1970.

So the the above (18611) is Tuesday, December 15, 2020.

There is a…

Nessus Essentials is a free vulnerability assessment tool for upto 16 IP address. The free version comes with some excellent and free tools:-

Windows Install

STEP 1 — https://www.tenable.com/downloads/nessus?loginAttempted=true

STEP 2 — You then need to “get activation Code”

STEP 3 — Installed as default, once the installation has been completed, your default browser will bring up the following web page:- http://localhost:8834/WelcomeToNessus-Install/welcome

STEP 4 — It will ask you connect via SSL but there is no cert install by default, so go to “advanced” > “accept the risk and continue”

STEP 5 — Select a product > Nessus Essentials

STEP 6 —…

Introduction

Appsheets allows users to create “no-code” applications to collect and/or connect to data. It is very similar to PowerApps from Microsoft and allows users to create mobile, tablet and web apps. AppSheets has been purchased by Google but can use data sources like DropBox, Office 365, Salesforce and more.

How to Create an application

Create a new … login to AppSheets via a browser.

Info — in this example I have used a template …

The below script can be run against a single or multiple websites…

As a total Noob to Python, it may seem a pretty simple to add date to the end of a file name … but it took me an hour to work it out *facepalm inserted here*

First in my script, I imported the “date” portion of the from the “datetime” libary,

from datetime import date                   
today = date.today()                       
print("Today's date:", today)

When creating the file (and this is the bit that took me an hour to find), you will need to set a verable which uses “today”

Date = (today)

Once you have set the date you can add this…

Below are some notes I made to help prepare me for the SY0–501 exam which I passed on the 30th December 2020 …

RC4 — is a streaming cipher algorithm that encodes plain text bit by bit.

Bycrypt Algorithm — is based on the blowfish cipher and is a key stretching tech that helps strenghten the password by using a password hashing function and then salting the password.

CASB (Cloud Access Secuirty Broker) — can be deployed in three different ways –

• Forward proxy model, the user needs to install self-signed certs to access the cloud resources via the proxy.
• …