From 1783d353ebf57a60e335862651ec0e44a5c42545 Mon Sep 17 00:00:00 2001 From: mr-zero Date: Thu, 1 Oct 2020 04:54:44 +0530 Subject: [PATCH] added all --- README.md | 172 +++++++++++++++++++++++++++++++----------------------- tags | 42 +++++++++++++ 2 files changed, 141 insertions(+), 73 deletions(-) create mode 100644 tags diff --git a/README.md b/README.md index d33a317..6cc1f7c 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,33 @@ are welcome! 1. [Post-Exploitation](#post-exploitation) 2. [Port Enumeration](#port-enumeration) -2. [445 (smb/Samba)](#445-smbsamba) +3. [445 (smb/Samba)](#445-smbsamba) +4. [1433 (Microsoft SQL Server)](#1433-microsoft-sql-server) +5. [SNMP](#snmp) +6. [Microsoft Office Macros](#microsoft-office-macros) +7. [Retrieving Network Service Hashes](#retrieving-network-service-hashes) +8. [Windows Reverse Shells](#windows-reverse-shells) +9. [Known Exploits](#known-exploits) +10. [Excess](#excess) +11. [Esoteric Languages](#esoteric-languages) +13. [Steganography](#steganography) +14. [Cryptography](#cryptography) +15. [Networking](#networking) +16. [PHP](#php) +17. [PDF Files](#pdf-files) +18. [Forensics](#forensics) +19. [PNG File Forensics](#png-file-forensics) +20. [APK Forensics](#apk-forensics) +21. [Web](#web) +22. [Reverse Engineering](#reverse-engineering) +23. [PowerShell](#powerShell) +24. [Windows Executables](#windows-executables) +25. [Python Reversing](#python-reversing) +26. [Binary Exploitation/pwn](#binary-exploitationpwn) +27. [VisualBasicScript Reversing](#visualbasicscript-reversing) +28. [Miscellaneous](#miscellaneous) +29. [Jail Breaks](#jail-breaks) +30. [Trivia](#trivia) --------------- @@ -40,7 +66,7 @@ Port Enumeration * [`smbmap`](https://github.com/ShawnDEvans/smbmap) `smbmap` tells you permissions and access, which `smbclient` does _not_ do! - + To try and list shares as the anonymous user **DO THIS** (this doesn't always work for some weird reason) ``` 
@@ -74,11 +100,11 @@ enum4linux 10.10.10.125 * `smbclient` - **NOTE: DEPENDING ON THE VERSION OF SMBCLIENT YOU ARE USING, you may need to SPECIFY the use of S` prompt, and you can use `ls` and `get` to retrieve file ------------------------------ * `impacket` -> `mssqlclient.py` - + You can connect to a Microsoft SQL Server with `myssqlclient.py` knowing a username and password like so: ``` mssqlclient.py username@10.10.10.125 ``` - + It will prompt you for a password. **If your password fails, the server might be using "Windows authentication", which you can use with:** ``` @@ -111,7 +137,7 @@ If you have access to a Micosoft SQL Server, you can try and `enable_xp_cmdshell ``` SQL> enable_xp_cmdshell -``` +``` though, you may not have permission. If that DOES succeed, you can now run commands like: @@ -181,16 +207,16 @@ Known Exploits ------------------ * Java RMI - + Metasploit module: `exploit/multi/misc/java_rmi_server` When testing this, responses are _known to come back with an error or exception_. Your code MAY VERY WELL still be executing. Try and run commands that include a callback. And _use Python_ to live off the land and try avoid special characters, like `|` pipes! [ysoserial](https://github.com/frohoff/ysoserial) is a good tool for deserializing Java code to take advantage of this vulnerability. - + * Heartbleed Metasploit module: `auxiliary/scanner/ssl/openssl_heartbleed` - Be sure to use `set VERBOSE true` to see the retrieved results. This can often contain a flag or some valuable information. + Be sure to use `set VERBOSE true` to see the retrieved results. This can often contain a flag or some valuable information. * libssh - SSH 
@@ -204,7 +230,7 @@ Known Exploits If you can determine that you are working with an Apache Tomcat server (usually by visiting pages that do not exist and seeing a 404 error message), try to visit `/Manager`, which is usually accessible on Tomcat. Possible credentials could be `tomcat:tomcat`, `tomcat:s3cr3t`, `admin:s3cr3t`, `root:s3cr3t`, etc. etc.. Worthy of bruteforcing with `hydra`. - If you see URLs are appended with a `.action` (not a `.do`), you may be working with Apache Struts. + If you see URLs are appended with a `.action` (not a `.do`), you may be working with Apache Struts. * Apache Struts @@ -235,7 +261,7 @@ Esoteric Languages * [https://tio.run/](https://tio.run/) - An online tool that has a ton of Esoteric language interpreters. + An online tool that has a ton of Esoteric language interpreters. * Brainfuck @@ -280,9 +306,9 @@ Ook! Ook! Ook? Ook! Ook? Ook. Ook. Ook. Ook! Ook. Ook. Ook. Ook. Ook. Ook. Ook. ``` * [Rockstar](https://codewithrockstar.com/) - + A language intended to look like song lyrics [github link](https://github.com/RockstarLang/rockstar). - + below is fizzbuzz in Rockstar: ``` Midnight takes your heart and your soul @@ -293,7 +319,7 @@ Give back your heart Desire is a lovestruck ladykiller -My world is nothing +My world is nothing Fire is ice Hate is water Until my world is Desire, @@ -338,7 +364,7 @@ Steganography * [`steghide`][steghide] - A command-line tool typically used alongside a password or key, that could be uncovered some other way when solving a challenge. + A command-line tool typically used alongside a password or key, that could be uncovered some other way when solving a challenge. * [`stepic`](http://domnit.org/stepic/doc/) 
@@ -372,7 +398,7 @@ Steganography * Other stego tools: [https://github.com/DominicBreuker/stego-toolkit](https://github.com/DominicBreuker/stego-toolkit) - + * [`zsteg`][zsteg] Command-line tool for use against Least Significant Bit steganography... unfortunately only works against PNG and BMP images. @@ -399,7 +425,7 @@ Steganography ``` mplayer -af scaletempo -speed 64 flag.mp3 -``` +``` * DNA Codes @@ -437,7 +463,7 @@ exiftool -b -ThumbnailImage my_image.jpg > my_thumbnail.jpg * [`hipshot`][hipshot] - A [Python] module to compress a video into a single standalone image, simulating a long-exposure photograph. Was used to steal a [QR code] visible in a video, displayed through "Star Wars" style text motion. + A [Python] module to compress a video into a single standalone image, simulating a long-exposure photograph. Was used to steal a [QR code] visible in a video, displayed through "Star Wars" style text motion. * [QR code] @@ -445,12 +471,12 @@ exiftool -b -ThumbnailImage my_image.jpg > my_thumbnail.jpg * [`zbarimg`][zbarimg] - A command-line tool to quickly scan multiple forms of barcodes, [QR codes] included. Installed like so on a typical [Ubuntu] image: + A command-line tool to quickly scan multiple forms of barcodes, [QR codes] included. Installed like so on a typical [Ubuntu] image: ``` sudo apt install zbar-tools ``` - + * Punctuation marks `!`, `.` and `?` I have seen some challenges use just the end of `.` or `?` or `!` to represent the [Ook](http://esolangs.org/wiki/ook!) esoteric programming language. Don't forget that is a thing! 
@@ -459,10 +485,10 @@ Cryptography ----------------- * Cryptii - + [https://cryptii.com](https://cryptii.com) has multiple decoding tools like base64, Ceaser Cipher, ROT13, Vigenère Cipher and more. * Keyboard Shift - + [https://www.dcode.fr/keyboard-shift-cipher](https://www.dcode.fr/keyboard-shift-cipher) If you see any thing that has the shape of a sentence but it looks like nonsense letters, and notes some shift left or right, it may be a keyboard shift... * Bit Shift @@ -522,14 +548,14 @@ Cryptography [https://www.dcode.fr/beaufort-cipher](https://www.dcode.fr/beaufort-cipher) * [Bacon Cipher](https://en.wikipedia.org/wiki/Bacon%27s_cipher) - + A substitution cipher that replaces each character with five characters from a set of two (A and B is used most of the time). If we look at A as 0 and B as 1 it is a special encoding to binary numbers, where the character A has the value of binary `b00000`. Easy to recognize, because the ciphertext only contains two characters (e.g.: A and B) and the length of the ciphertext is divisible by 5. Example: `AAABB AAABA ABBAB AAABB AABAA AAAAB AAAAA AAABA ABBAB ABBAA`. [Online tool](http://rumkin.com/tools/cipher/baconian.php) * Python random module cracker/predictor - [https://github.com/tna0y/Python-random-module-cracker](https://github.com/tna0y/Python-random-module-cracker)... helps attack the Mersenne Twister used in Python's random module. + [https://github.com/tna0y/Python-random-module-cracker](https://github.com/tna0y/Python-random-module-cracker)... helps attack the Mersenne Twister used in Python's random module. * Transposition Cipher @@ -560,8 +586,8 @@ def root3rd(x): y3 = y**3 d = (2*y3+x) y1 = (y*(y3+2*x)+d//2)//d - return y -``` + return y +``` * RSA: Wiener's Little D Attack 
@@ -569,7 +595,7 @@ def root3rd(x): * RSA: Boneh-Durfee Attack The tellgate sign for this kind of challenge is also an enormously large `e` value (`e` and `n` have similar size). -Some code for this attack can be found [here](https://github.com/mimoo/RSA-and-LLL-attacks/blob/master/boneh_durfee.sage) +Some code for this attack can be found [here](https://github.com/mimoo/RSA-and-LLL-attacks/blob/master/boneh_durfee.sage) * RSA: Chinese Remainder Attack @@ -654,7 +680,7 @@ Networking * [Wireshark] - The go-to tool for examining [`.pcap`][PCAP] files. + The go-to tool for examining [`.pcap`][PCAP] files. * [Network Miner] @@ -670,7 +696,7 @@ editcap old_file.pcapng new_file.pcap * [`tcpflow`][tcpflow] - A command-line tool for reorganizing packets in a PCAP file and getting files out of them. __Typically it gives no output, but it creates the files in your current directory!__ + A command-line tool for reorganizing packets in a PCAP file and getting files out of them. __Typically it gives no output, but it creates the files in your current directory!__ ``` tcpflow -r my_file.pcap @@ -732,7 +758,7 @@ PHP * `preg_replace` A bug in older versions of [PHP] where the user could get remote code execution - + [http://php.net/manual/en/function.preg-replace.php](http://php.net/manual/en/function.preg-replace.php) @@ -756,14 +782,14 @@ http://xqi.cc/index.php?m=php://filter/convert.base64-encode/resource=index ``` http://103.5.112.91:1234/?cmd=whoami&page=data://text/plain;base64,PD9waHAgZWNobyBzeXN0ZW0oJF9HRVRbJ2NtZCddKTsgPz4= -``` +``` PDF Files ------------- -* `pdfinfo` - +* `pdfinfo` + A command-line tool to get a basic synopsis of what the [PDF] file is. * `pdfcrack` 
@@ -785,9 +811,9 @@ Forensics To decompile bytecode, use `uncompyle6`. There is one special argument (I think `-d` or something???) that can have success if the default operation does not work. Do not give up hope when working with obvious Python bytecode. EasyPythonDecompiler might work, or perhaps testing with `uncompyle` -* Keepass +* Keepass - `keepassx` can be installed on Ubuntu to open and explore Keepass databases. Keepass databases master passwords can be cracked with `keepass2john`. + `keepassx` can be installed on Ubuntu to open and explore Keepass databases. Keepass databases master passwords can be cracked with `keepass2john`. * [Magic Numbers] @@ -839,13 +865,13 @@ sudo apt install foremost * [photorec] - Another command-line utility that comes with `testdisk`. It is file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted. - + Another command-line utility that comes with `testdisk`. It is file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted. + * [Analysis Image] ['https://29a.ch/photo-forensics/#forensic-magnifier'] - + Forensically is free online tool to analysis image this tool has many features like Magnifier, Clone Detection, Error Level analysis, Noise Analusis, level Sweep, Meta Data, Geo tags, Thumbnail Analysis , JPEG Analysis, Strings Extraction. - + PNG File Forensics 
@@ -887,7 +913,7 @@ apktool d * [`jd-gui`][jd-gui] A GUI tool to decompile Java code, and JAR files. - + Web ---------------- @@ -909,13 +935,13 @@ Web This directory is often found by directory scanning bruteforce tools, so I recommend just checking the directory on your own, as part of your own "low-hanging fruits" check. * `/.git/` - + A classic CTF challenge is to leave a `git` repository live and available on a website. You can see this with `nmap -A` (or whatever specific script catches it) and just by trying to view that specific folder, `/.git/`. A good command-line tool for this is [`GitDumper.sh`](https://github.com/internetwache/GitTools), or just simply using [`wget`][wget]. **Sometimes you might Bazaar or Mercurial or other distributed version control systems. You can use [https://github.com/kost/dvcs-ripper](https://github.com/kost/dvcs-ripper) for those!!** * [`GitDumper.sh`][GitDumper.sh] - + A command-line tool that will automatically scrape and download a [git] repository hosted online with a given URL. * Bazaar `.bzr` @@ -940,7 +966,7 @@ Web * [CloudFlare Bypass](https://github.com/Anorov/cloudflare-scrape) If you need to script or automate against a page that uses the I'm Under Attack Mode from CloudFlare, or DDOS protection, you can do it like this with linked Python module. - + ``` python #!/usr/bin/env python @@ -948,8 +974,8 @@ import cfscrape url = 'http://yashit.tech/tryharder/' -scraper = cfscrape.create_scraper() -print scraper.get(url).content +scraper = cfscrape.create_scraper() +print scraper.get(url).content ``` * [XSStrike] @@ -958,7 +984,7 @@ print scraper.get(url).content * [`wpscan`][wpscan] - * A Ruby script to scan and do reconnaissance on a [Wordpress] application. + * A Ruby script to scan and do reconnaissance on a [Wordpress] application. * Mac AutoLogin Password Cracking 
@@ -989,15 +1015,15 @@ We try to display the content of the file /flag : &file; - ]>&xxe; - + ``` * Wordpress Password Hash Generator If you make it into a Wordpress database and can change passwords, reset the admin password to a new hash: [http://www.passwordtool.hu/wordpress-password-hash-generator-v3-v4](http://www.passwordtool.hu/wordpress-password-hash-generator-v3-v4). This will let you login to /wp-admin/ on the site. - + * Cookie Catcher * [`requestb.in`](https://requestb.in/) @@ -1010,7 +1036,7 @@ We try to display the content of the file /flag : * [`sqlmap`][sqlmap] - A command-line tool written in [Python] to automatically detect and exploit vulnerable SQL injection points. + A command-line tool written in [Python] to automatically detect and exploit vulnerable SQL injection points. * Flask Template Injection @@ -1025,11 +1051,11 @@ We try to display the content of the file /flag : * Explicit SQL Injection - + * Blind SQL Injection - + * MongoDB Get MongoDB properly installed: @@ -1063,8 +1089,8 @@ c.find() ``` * gobuster - - + + * DirBuster @@ -1092,7 +1118,7 @@ Reverse Engineering Easy command-line tools to see some of the code being executed as you follow through a binary. Usage: `ltrace ./binary` * [Hopper](https://www.hopperapp.com) - + Hopper Disassembler, the reverse engineering tool that lets you disassemble, decompile and debug your applications. * [Binary Ninja](https://binary.ninja) @@ -1118,7 +1144,7 @@ Reverse Engineering * Compiling & running ASM code: You can convert ASM functions from assembly and run them as C functions like the following: - + `asm4.S` ```asm .intel_syntax noprefix @@ -1139,7 +1165,7 @@ Reverse Engineering add eax,edx movzx eax,BYTE PTR [eax] test al,al - jne label1 + jne label1 mov DWORD PTR [ebp-0x8],0x1 jmp label3 label4: @@ -1184,7 +1210,7 @@ Reverse Engineering add esp,0x10 pop ebx pop ebp - ret + ret ``` `asm4.c` 
@@ -1225,7 +1251,7 @@ Windows Executables * [`pefile`][pefile] - A [Python] module that examines the headers in a Windows [PE (Portable Executable)][PE] file. + A [Python] module that examines the headers in a Windows [PE (Portable Executable)][PE] file. * [dnSpy] @@ -1233,14 +1259,14 @@ Windows Executables * [PEiD][PEiD] - A [Windows] tool to detect common packers, cryptors and compilers for [Windows][Windows] [PE][PE] + A [Windows] tool to detect common packers, cryptors and compilers for [Windows][Windows] [PE][PE] * jetBrains .NET decompiler * AutoIT converter When debugging AutoIT programs, you may get a notification: "This is a compiled AutoIT script". Here is a good thing to use to decode them: [https://www.autoitscript.com/site/autoit/downloads/](https://www.autoitscript.com/site/autoit/downloads/) - + Python Reversing ------------ @@ -1255,7 +1281,7 @@ Binary Exploitation/pwn * Basic Stack Overflow - Use `readelf -s ` to get the location of a function to jump to -- overflow in Python, find offset with `dmesg`, and jump. + Use `readelf -s ` to get the location of a function to jump to -- overflow in Python, find offset with `dmesg`, and jump. * `printf` vulnerability 
@@ -1267,7 +1293,7 @@ Binary Exploitation/pwn * 64-bit Buffer Overflow - 64-bit buffer overflow challenges are often difficult because the null bytes get in the way of memory addresses (for the function you want to jump to, that you can usually find with `readelf -s`). But, check if whether or not the function address you need starts with the same hex values already on the stack (in `rsp`). Maybe you only have to write two or three bytes after the overflow, rather than the whole function address. + 64-bit buffer overflow challenges are often difficult because the null bytes get in the way of memory addresses (for the function you want to jump to, that you can usually find with `readelf -s`). But, check if whether or not the function address you need starts with the same hex values already on the stack (in `rsp`). Maybe you only have to write two or three bytes after the overflow, rather than the whole function address. VisualBasicScript Reversing @@ -1339,7 +1365,7 @@ l(DId
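Review bot: In the table-of-contents hunk (`@@ -17,7 +17,33 @@`) the new numbering jumps from `11. [Esoteric Languages]` to `13. [Steganography]`, skipping 12, and the entry `23. [PowerShell](#powerShell)` uses a mixed-case anchor; GitHub-style heading anchors are lowercased, so this link will not resolve. Renumber the list and change the anchor to `#powershell`.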
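Review bot: The diffstat shows a new 42-line file `tags` (`create mode 100644 tags`), with no hunk for it visible in this review. A `tags` file at the repository root is normally an editor-generated ctags index rather than content; drop it from the commit and add `tags` to `.gitignore` so it is not re-added, and consider a commit message more descriptive than "added all" for a change that mostly rewrites the README table of contents.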
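Review bot: The `smbmap` hunk (`@@ -40,7 +66,7 @@`) only strips trailing whitespace from a blank line, and the same is true of most hunks in this patch (the `Heartbleed`, `tio.run`, `steghide`, `zbarimg`, `Wireshark`, `tcpflow`, `pefile`, `PEiD` hunks and others). Mixing dozens of whitespace-only hunks with the real table-of-contents change makes the diff hard to review; split the whitespace cleanup into its own commit, or at least call it out in the message so reviewers know to use `git diff -w`.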
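Review bot: The `mssqlclient.py` hunk (`@@ -74,11 +100,11 @@`) rewrites the blank lines around the sentence "You can connect to a Microsoft SQL Server with `myssqlclient.py`", but leaves the typo in the script name in place; since the paragraph is being touched anyway, change it to `mssqlclient.py`, which matches the impacket script actually invoked in the command block that follows.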
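Review bot: The `/.git/` hunk (`@@ -909,13 +935,13 @@`) rewrites only the blank lines around the bold sentence "**Sometimes you might Bazaar or Mercurial or other distributed version control systems.**", which is missing its verb; while the block is being edited, make it "Sometimes you might see Bazaar, Mercurial or other distributed version control systems."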
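Review bot: In the CloudFlare hunk (`@@ -948,8 +974,8 @@`) the rewritten `+print scraper.get(url).content` line is still Python 2 syntax, so the snippet fails with a SyntaxError under Python 3. Since the line is being changed anyway, use `print(scraper.get(url).content)` (or `.text` to get a decoded string rather than bytes) so it runs on both interpreters.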
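Review bot: The Forensically hunk (`@@ -839,13 +865,13 @@`) re-adds the description line with its typos intact: "free online tool to analysis image" should read "a free online tool to analyse images", "Noise Analusis" should be "Noise Analysis", and the bracketed `['https://29a.ch/photo-forensics/#forensic-magnifier']` is a quoted string, not a Markdown link. Write it as `[Forensically](https://29a.ch/photo-forensics/#forensic-magnifier)` so it renders as a link like the other tool entries.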
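Review bot: In the XXE hunk (`@@ -989,15 +1015,15 @@`) the rendering shows `- ]>&xxe;` removed and only a whitespace line added in its place, although the hunk header counts (15 lines before and after) indicate a whitespace-only change. Confirm that the DOCTYPE close `]>` and the `&xxe;` entity reference survive in the new version of the example; without them the payload shown no longer demonstrates the file read the surrounding text describes.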
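Review bot: The 64-bit buffer overflow hunk (`@@ -1267,7 +1293,7 @@`) re-adds the sentence "But, check if whether or not the function address you need starts with the same hex values already on the stack" unchanged apart from trailing whitespace; fix the grammar in the same edit: "But check whether the function address you need starts with the same bytes already on the stack".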