
Windows Domain

  • Set the DNS server to that of the domain
  • runas /netonly /user:domain\user cmd

SMB Enumeration

Mount UNC shares

mkdir /tmp/finance
mount -t cifs -o user=almir,password=Password,rw,vers=1.0 //172.16.5.10/finance /tmp/finance

sudo smbclient //172.16.5.10/finance -U almir

smbmap -H ip -u anonymous

smbmap -H ip -u anonymous -r --depth 5

smbmap -d domain -u user -p password -H x.x.x.x

smbmap -d domain -u user -p password -H x.x.x.x -R sharename (list files in share)

smbclient -c "recurse;ls" //x.x.x.x/SYSVOL -U 'domain\user%password'

smbclient -L //ip

smbclient '\\IP\ADMIN$' -U user

Copy Folders

smbclient '\\server\share'
mask ""
recurse ON
prompt OFF
cd 'path\to\remote\dir'
lcd '~/path/to/download/to/'
mget *

Upload files

sudo smbclient //192.168.68.112/files -U admin -W WORKGROUP --directory=test

smb: \test\> put test.exe

 


Wireshark Filters

http and ip.addr == 172.16.5.5
ssl

http.request.method == "GET"
http.request.method == "POST"

http.location == "login_success.php"

ftp
smb
smb.file


Check Route

sudo traceroute 10.10.10.10 -m 5

sudo route


DNS Enumeration

DNS enumeration
---------------
sudo nslookup
> server 172.16.5.10   (ip-dns-server)
> 172.16.5.5   (ip-discovered-host)

sudo dig @172.16.5.10 -x 172.16.5.5 +nocookie

DNS Zone Transfer
-----------------
sudo dig @172.16.5.10 sportfoo.com -t AXFR +nocookie


SNMP audit walkthrough

Discover hosts running SNMP

  • nmap -sU -p 161 target-ip

Brute force community string

  • onesixtyone -c /root/seclist target-ip

Enumerate SNMP info on host

  • snmpenum target-ip public windows.txt
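
The walkthrough above succeeds when an agent accepts a guessable community string such as public. As an added example (not part of the original notes), the following check audits an agent's own configuration for the settings that make that possible. It assumes a net-snmp style snmpd.conf; the GUESSABLE shortlist, the function name audit_snmpd_conf and the sample configuration are constructed for illustration.

```python
import shlex

# Constructed shortlist of guessable community strings (assumption, not from the page).
GUESSABLE = {"public", "private", "community", "snmp", "manager", "admin"}
# Source values that place no restriction on who may query the agent.
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

def audit_snmpd_conf(text):
    """Return (line_number, finding) tuples for weak SNMPv1/v2c community settings."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        if len(tokens) < 2:
            continue
        directive = tokens[0].lower()
        if directive in COMMUNITY_DIRECTIVES:
            community = tokens[1]
            source = tokens[2] if len(tokens) > 2 else "default"
            writable = directive.startswith("rw")
        elif directive == "com2sec" and len(tokens) >= 4:
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            community, source, writable = tokens[-1], tokens[-2], False
        else:
            continue  # SNMPv3 users (rouser/rwuser) and other directives are not checked
        if community.lower() in GUESSABLE:
            findings.append((number, "guessable community string"))
        if source.lower() in OPEN_SOURCES:
            findings.append((number, "no source restriction"))
        if writable:
            findings.append((number, "write access over v1/v2c"))
    return findings

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# monitoring agent
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity "k3Vq9-constructed-value" 172.16.5.20
rouser monitor priv
"""

if __name__ == "__main__":
    for number, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {number}: {finding}")
```

Lines that define only SNMPv3 users (rouser) or a long community restricted to a single source produce no findings.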