Penetration-Testing-Notes

on 2020-12-03 22:16:10.345075
  • technology
  • software

1. Linux

netstat -- list TCP sockets in every state with numeric addresses and the owning PID/program (run as root, otherwise -p only shows your own processes): netstat -antp

netcat -- copy a file from one system to another. On the receiving system, listen and redirect stdout into the destination file: nc -lvp 1234 > myfile2. On the sending system (the receiver is 10.2.0.15 here), connect and feed the file on stdin: nc 10.2.0.15 1234 < myfile4. The transfer is unencrypted and unauthenticated, and nc gives no indication of a truncated copy, so compare checksums on both ends afterwards.
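The two halves of that nc copy, written with plain sockets so the mechanics are visible. This is an added example, not code from the original notes: receive_file is the `nc -lvp PORT > dest` side, send_file is the `nc HOST PORT < src` side, and both hash what they handle so the copy can be verified, which nc itself does not do. It runs over loopback on an OS-chosen port (the notes used 1234) and the 1 MiB payload is constructed.

```python
# Added example (not from the original notes): the two halves of the nc file copy,
# written with plain sockets so the mechanics are visible. receive_file is
# `nc -lvp PORT > dest`, send_file is `nc HOST PORT < src`. nc gives no integrity
# check and no encryption; both sides hash what they handle so the copy can be
# verified. Runs over loopback on an OS-chosen port (the notes used 1234).
import hashlib
import os
import socket
import tempfile
import threading

CHUNK = 65536


def receive_file(listener, dest_path):
    """Receiver half (the nc -l side): accept one connection, write every byte
    the peer sends into dest_path until it closes, return sha256 of the bytes."""
    conn, _peer = listener.accept()
    digest = hashlib.sha256()
    with conn, open(dest_path, "wb") as out:
        while True:
            chunk = conn.recv(CHUNK)
            if not chunk:          # peer closed its write side: end of file
                break
            out.write(chunk)
            digest.update(chunk)
    return digest.hexdigest()


def send_file(host, port, src_path):
    """Sender half (nc HOST PORT < file): connect, stream the file, then close
    the write side so the receiver sees EOF. Returns sha256 of the bytes sent."""
    digest = hashlib.sha256()
    with socket.create_connection((host, port), timeout=10) as sock, open(src_path, "rb") as src:
        while True:
            chunk = src.read(CHUNK)
            if not chunk:
                break
            sock.sendall(chunk)
            digest.update(chunk)
        sock.shutdown(socket.SHUT_WR)  # tells the receiver the file is complete
    return digest.hexdigest()


def transfer(src_path, dest_path):
    """Run receiver and sender on loopback; return (sent_sha256, received_sha256)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    received = {}

    def rx():
        received["sha256"] = receive_file(listener, dest_path)

    worker = threading.Thread(target=rx)
    worker.start()
    sent = send_file("127.0.0.1", port, src_path)
    worker.join(timeout=30)
    listener.close()
    return sent, received.get("sha256")


def demo():
    """Constructed sample: 1 MiB of random bytes (enough to need many recv()
    calls), copied myfile4 -> myfile2 as in the notes. Returns both hashes and
    whether the destination matches the source byte for byte."""
    data = os.urandom(1024 * 1024)
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "myfile4")
        dst = os.path.join(tmp, "myfile2")
        with open(src, "wb") as f:
            f.write(data)
        sent, received = transfer(src, dst)
        with open(dst, "rb") as f:
            identical = f.read() == data
    return {"sent": sent, "received": received, "identical": identical}


if __name__ == "__main__":
    print(demo())
```

The shutdown(SHUT_WR) call is the detail that matters: it is what `nc ... < file` does when stdin hits EOF, and without it the receiver never knows the file has ended. On a real engagement the equivalent of the hash comparison is running sha256sum on both hosts after nc exits.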

crontab (scheduled jobs)

2. Programming

3. Metasploit

4. Information Gathering/Reconnaissance

nslookup and host for domain info. In interactive nslookup, pick the record type, then query the domain:
- nslookup
- > set type=mx
- > uplaw.us
- > set type=ns
- > cisco.com

host -t ns uplaw.us

Zone transfer (AXFR) to find more domain names: first list the nameservers, then ask one of them for the whole zone. zonetransfer.me is a domain set up deliberately to allow this; most production nameservers will refuse.
- host -t ns zonetransfer.me
- host -l zonetransfer.me nsztm2.digi.ninja.

fierce to find subdomains (brute-forces hostnames and also tries zone transfers; this is the old syntax, the Python rewrite takes --domain): - fierce -dns uplaw.us

theHarvester to search many different data sources for info on a domain (-l caps the number of results, -b all uses every supported source): - theHarvester -d uplaw.us -l 500 -b all

netcraft.com -> "What's that site running?" = hosting, server and technology information about the domain.

maltego (GUI application in Kali) -- used to research and graph relationships between entities: domains, subdomains, websites, e.g. the same data as above (needs an account), plus Pastebin, LinkedIn and Flickr accounts.

shodan -- searches service banners rather than page content, e.g. search for webcamxp to find exposed webcam servers.

recon-ng -- Metasploit-like framework for reconnaissance: show modules -> use recon/contacts-creds/haveibeenpwned -> set source csm@csmckay.us (checks whether the address appears in known breaches).

Google dorks -- use search operators to find specific information. See https://www.exploit-db.com/google-hacking-database, e.g. - xamppdirpasswd.txt filetype:txt

4.4. NMAP and Port Scanning

  • 65,535 TCP ports and another 65,535 UDP ports per host; a default nmap scan only covers the 1,000 most common of each

netcat as a quick single-port check (connect and report whether the port answers): nc -v 157.245.135.105 80

NMAP -- the backbone/main tool of port scanning. See nmap.org -> Reference Guide.
- SYN scan (needs raw sockets, hence sudo), all three output formats: sudo nmap -sS 192.168.0.223 -oA classscan
- single port: sudo nmap -sS 192.168.0.223 -p 9200
- UDP scan: sudo nmap -sU 192.168.0.223 -oA classudp
- UDP is slower and less conclusive than TCP: a closed UDP port answers with ICMP port unreachable, an open one usually answers nothing, so nmap reports open|filtered unless the probe draws a reply.
- version scanning: nmap -sV 157.245.135.105 -oA classversion
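Reading the scan back afterwards is where -oA pays off: the .gnmap file it writes is one line per host and greps cleanly. The parser below is an added example, not from the notes or from nmap; the sample output is constructed to look like a combined -sS -sU -sV run (the banners are made up) and it also shows the open versus open|filtered distinction from the UDP point above.

```python
# Added example (not from the original notes or from nmap): a parser for the
# .gnmap file that `-oA classscan` writes next to classscan.nmap and
# classscan.xml. Each "Host:" line carries tab-separated "Key: value" fields;
# the Ports field is a comma list of port/state/proto/owner/service/rpcinfo/version/
# entries. SAMPLE_GNMAP is constructed (banners made up), not real scan output.
SAMPLE_GNMAP = "\n".join([
    "# Nmap 7.80 scan initiated Thu Dec  3 22:16:10 2020 as: nmap -sS -sU -sV -oA classscan 192.168.0.223 192.168.0.224",
    "Host: 192.168.0.223 ()\tStatus: Up",
    "Host: 192.168.0.223 ()\tPorts: "
    "22/open/tcp//ssh//OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.4.38 ((Debian))/, "
    "9200/open/tcp//http//Elasticsearch REST API 6.8.0 (name: node-1; cluster: es)/, "
    "53/open|filtered/udp//domain///, "
    "161/open/udp//snmp//SNMPv1 server (public)/"
    "\tIgnored State: closed (1995)",
    "Host: 192.168.0.224 (printer.lan)\tStatus: Up",
    "Host: 192.168.0.224 (printer.lan)\tPorts: 631/open/tcp//ipp//CUPS 2.2/\tIgnored State: filtered (1999)",
    "# Nmap done at Thu Dec  3 22:16:47 2020 -- 2 IP addresses (2 hosts up) scanned in 37.10 seconds",
])


def parse_gnmap(text):
    """Return {ip: [ {port, state, proto, service, version}, ... ]}. Hosts that
    were up but had no Ports field get an empty list."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue                      # comment and summary lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports = hosts.setdefault(ip, [])
        for field in fields[1:]:
            key, _sep, value = field.partition(": ")
            if key != "Ports":
                continue                  # Status, Ignored State, OS, ...
            for entry in value.split(", "):
                parts = entry.split("/")
                if len(parts) < 8:
                    continue              # not a well-formed port entry
                ports.append({
                    "port": int(parts[0]),
                    "state": parts[1],
                    "proto": parts[2],
                    "service": parts[4],
                    # version text may itself contain "/", so rejoin everything
                    # between the rpcinfo field and the trailing slash
                    "version": "/".join(parts[6:-1]),
                })
    return hosts


def open_ports(hosts, proto):
    """Ports nmap positively confirmed open for one protocol. UDP ports that
    never answered are 'open|filtered', not 'open', and are left out here."""
    return {ip: sorted(p["port"] for p in ports if p["proto"] == proto and p["state"] == "open")
            for ip, ports in hosts.items()}


def unconfirmed_udp(hosts):
    """UDP ports a -sU scan could not decide on; these need a follow-up probe
    (-sV, or a protocol-specific query) before they go in a report as open."""
    return {ip: sorted(p["port"] for p in ports if p["proto"] == "udp" and p["state"] == "open|filtered")
            for ip, ports in hosts.items()}


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for ip, ports in scan.items():
        for p in ports:
            print(f"{ip:15} {p['port']:>5}/{p['proto']} {p['state']:14} {p['service']:8} {p['version']}")
    print("confirmed open tcp:", open_ports(scan, "tcp"))
    print("undecided udp:", unconfirmed_udp(scan))
```

Point it at a real file with parse_gnmap(open("classscan.gnmap").read()). The same split-on-tab, split-on-slash structure is what a one-line awk over .gnmap relies on; the XML output is the better choice once you need more than ports and banners.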

5. Vulnerability Discovery/Scanning

5.2 Vulnerability Scanning II--Nessus

5.3 Vulnerability Scanning III--Nmap scripting engine

5.4 Vulnerability Scanning IV--Metasploit

5.5 Vulnerability Scanning V--Webapp, XAMPP, WebDAV, Nikto

5.6 Vulnerability Scanning VI--Directory Traversals

6. Capturing Traffic

6.2 Wireshark and Analyzing Network Protocol

Display filters:
- ftp && ip.dst==192.168.1.77 (FTP traffic going to one host)
- ip.src==192.168.1.76 || ip.dst==192.168.1.76 (everything to or from one host)

6.3 Address Resolution Protocol (ARP)

6.4 Traffic

Module 7: Exploitation

Lesson 7.1: Exploitation (Part 1) -- Direct Exploitation

Skills learned from this lesson: webshells, WebDAV uploads, msfvenom/Meterpreter

- In web application exploitation it is common to take advantage of the programming/scripting language the site runs on. Some examples:
  - PHP (LAMP, LEMP, WordPress, etc.)
  - JavaScript (Node.js, etc.)
  - Python (Flask, Django)
  - Perl (WAMPP, XAMPP)
  - Ruby (Ruby on Rails)
  - Go (Buffalo)
  - Java (JBoss, Apache Tomcat)
  - ASP.NET (Windows IIS)
- Default webshells written in the various web languages ship with Kali Linux under /usr/share/webshells/.
- If WebDAV is enabled on a web application, cadaver can be used to upload a webshell written in the matching language to gain an initial foothold.
- msfvenom can build a staged reverse-shell payload, cadaver uploads it, and a handler in msfconsole (exploit/multi/handler) catches the Meterpreter session when the target connects back.
- Mimikatz: an open-source utility that extracts credentials and Kerberos tickets from the Windows Local Security Authority Subsystem Service (LSASS).
- msf exploit(handler) > show advanced: displays the advanced settings that tune how the reverse shell coming back from the target is handled.
