IT Systems, Networks, Security and Education
Pen testing is different from CTF (capture the flag), and different from security auditing. In this section we’ll explore some of the tools and techniques for real-life penetration testing.
You should try this. If you seriously want to learn hacking, you should check out EC-Council’s Code Red training site. I’ve been checking out the free-level offerings, and I’m impressed. Go here and create an account, with the usual precautions: https://codered.eccouncil.org/Home Do you use Python? (Of course you do.) Here’s a link to a course …
Continue reading “Study Hacking With Code Red: Free Video Courses”
Getting a Remote Shell Let’s assume you’ve found some sort of access to your target, ideally an upload vulnerability that will let you get some shellcode onto the target. Netcat You could just start a Netcat listener on the victim, if Netcat is available: nc -lvnp 1234 … and start a shell on the attack …
Continue reading “[ Pen Testing ] :: Step by Step: Uploading Shellcode and Upgrading the Shell”
SSH Enumeration shellshock bruteforce user_enum Debian OpenSSL Predictable PRNG
SMB Enumeration nmap –script vuln nmap –script smb* nmap –script smb-enum-shares,smb-ls enum4linux, linenum, etc. smbclient smbcontrol smbmap smbpasswd etc
Database Enumeration Enumeration With SQLmap SQLmap is noisy as hell. Here is the official options/examples page: https://github.com/sqlmapproject/sqlmap/wiki/Usage. For example, save a captured header as an input file for SQLmap: Load HTTP request from a file Option: -r One of the possibilities of sqlmap is loading of raw HTTP request from a textual file. That way …
Continue reading “[ Pen Testing ] :: Step by Step: Database Enumeration”
SNMP Enumeration snmpcheck snmpenum (More to come.)
Hide Your Ass, Change Your MAC Manually ifconfig wlan0 down ifconfig wlan0 hw ether f1:a7:12:34:1b:c1 ifconfig wlan0 up With macchanger ifconfig wlan0 down # print your MAC macchanger -s wlan0 # set your MAC macchanger -m 11:22:33:44:55:66 wlan0 # set to a random vendor, random ID macchanger -A wlan0 # set to your physical vender, …
Continue reading “[ Pen Testing ] :: Step by Step: Changing Your MAC Address”
# Install Lee Baird’s Discover, a huge and golden # master collection: cd /opt git clone https://github.com/leebaird/discover.git cd /discover ./update.sh http://www.thegeeky.space/2015/04/how-to-save-time-doing-passive-discovery-in-Kali-Linux-using-discover-or-backtrack-script-framework.html https://www.youtube.com/watch?v=BovrxSpZpQI sss zzzz
There is a ton of stuff on these pages and sites, to much to catalog at the moment. But when I’m looking for an exploit or payload, these are the kinds of places I dig. How to use msfvenom: https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom “Complete Howto for msfvenom”: https://securitytraning.com/complete-guide-msfvenom/ Colección de herramientas y técnicas para obtener shells reversas en …
Continue reading “[ Pen Testing ] :: Step by Step: Resource Links”
Basic Linux Privilege Escalation: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ Local Linux Enumeration & Privilege Escalation Cheatsheet: an item-by-item list of tests performed by LinEnum: https://www.rebootuser.com/?p=1623 LinEnum: https://github.com/rebootuser/LinEnum