Categories: Pentest

snmp audit walkthrough

Discover SNMP running hosts

  • nmap -sU -p 161 target-ip

Brute force community string

  • onesixtyone -c /root/seclist target-ip

Enumerate snmp info on host

  • snmpenum target-ip public windows.txt
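The three steps above all depend on the fact that SNMPv1/v2c sends the community string in clear text in every datagram. The following is an added example, not part of the original cheat sheet: a minimal BER parser for the SNMP message header that pulls the version and community string out of a UDP/161 payload, plus a small check that flags a source cycling through many community names (the pattern a wordlist run like the one above leaves in a capture). The packets and the threshold are constructed for the demo; `build_get_request` is a helper written here to produce test data.

```python
# Added example (not from the original cheat sheet): parse the SNMPv1/v2c message
# header with a minimal BER decoder and flag sources that try many community strings.
# All packets below are constructed inline; build_get_request only exists to make them.
from collections import defaultdict


def _tlv(tag, payload):
    """Encode one BER TLV with a short-form or long-form length (test-data helper)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def build_get_request(community, version=0, request_id=1):
    """Constructed SNMP GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0); version 0 = v1, 1 = v2c."""
    oid = _tlv(0x06, bytes([0x2B, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00]))
    varbind = _tlv(0x30, oid + _tlv(0x05, b""))  # OID + NULL value
    pdu_body = (_tlv(0x02, bytes([request_id])) + _tlv(0x02, b"\x00") +
                _tlv(0x02, b"\x00") + _tlv(0x30, varbind))
    pdu = _tlv(0xA0, pdu_body)  # context tag 0 = GetRequest-PDU
    return _tlv(0x30, _tlv(0x02, bytes([version])) + _tlv(0x04, community) + pdu)


def _read_tlv(buf, off):
    """Decode the TLV at buf[off:], returning (tag, value, next_offset)."""
    tag = buf[off]
    length = buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        nbytes = length & 0x7F
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    return tag, buf[off:off + length], off + length


def parse_snmp_header(packet):
    """Return (version, community) from an SNMPv1/v2c message, or None if malformed."""
    try:
        tag, body, _ = _read_tlv(packet, 0)
        if tag != 0x30:  # message is a SEQUENCE
            return None
        vtag, vval, off = _read_tlv(body, 0)   # INTEGER version
        ctag, cval, _ = _read_tlv(body, off)   # OCTET STRING community
        if vtag != 0x02 or ctag != 0x04:
            return None
        return int.from_bytes(vval, "big"), cval.decode("latin-1")
    except (IndexError, ValueError):
        return None


def find_community_guessers(packets, threshold=5):
    """Map source IP -> set of communities seen; return sources at or above threshold."""
    seen = defaultdict(set)
    for src, payload in packets:
        hdr = parse_snmp_header(payload)
        if hdr:
            seen[src].add(hdr[1])
    return {src: sorted(c) for src, c in seen.items() if len(c) >= threshold}


# Constructed traffic: one legitimate poller plus one host walking a wordlist.
SAMPLE_PACKETS = [("10.0.0.5", build_get_request(b"public"))] * 3 + [
    ("10.0.0.99", build_get_request(w, version=1))
    for w in (b"public", b"private", b"manager", b"admin", b"monitor", b"readonly")
]

if __name__ == "__main__":
    for src, comms in find_community_guessers(SAMPLE_PACKETS).items():
        print(f"{src} tried {len(comms)} community strings: {', '.join(comms)}")
```

Feed `find_community_guessers` with `(source_ip, udp_payload)` tuples taken from a capture of port 161 traffic; a legitimate poller uses one community, so a source with many distinct values is either a wordlist run or a badly misconfigured monitor. The same parser also shows why the mitigation is SNMPv3 with authentication: for v1/v2c there is nothing to decrypt, the community is the second field of the message.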


Categories: Pentest

hping3

hping3 -S -r -p 135 x.x.x.x

  • -S set the TCP SYN flag
  • -r show the relative IP ID field (increment between successive replies)
  • -p target (open) port

hping3 -a zombie-ip -S -p 23 target-ip

  • -a spoof the source IP (the zombie's address)
  • -p target port / service


Categories: Pentest

How to cheat / pass Mindtickle exams with a 100% score

1. Install Firefox

2. Start your mindtickle course in the firefox browser

3. Open Web developer -> Web Console

4. This should open something like this:

Picture1

5. Now select the Debugger tab and browse to the cf-**.mindtickle.com site icon and underlying folder structure 920xxx -> scormcontent -> lib -> index.html

Picture2

6. Press Ctrl+F (or Cmd+F on macOS) to search the index.html for window.courseData

Picture3

7. Make sure to select and copy the complete Base64 Encoded text

8. Paste the Base64 Encoded text in an online decoder site such as https://www.base64decode.org/ and click on Decode to get the clear text result

Picture4

9. Save the decoded text in a file and open it in your preferred editor

10. Now search the decoded text for a question from your exam and look up the correct answer:

Picture5

11. Finish your exam and end up with a 100% score 😉

Now let's automate this further with a Python script.

1. Follow the first 5 steps above, but this time download the index.html file:

pic-1

2. Paste the following Python code in a file and save it with the .py extension:

import base64
import json

correctID = []
answer_list = []

print()
print("##########-----HELLO-CHEATER-----##########")
print()
print("Please provide the full path to the downloaded MindTickle index.html")
print("Example = " + "'/Users/YOURUSERNAME/Desktop/index.html'")
print()
# surrounding quotes are tolerated and stripped so open() receives a plain path
path = input("Path = : ").strip().strip("'\"")
print()

json_array = None
with open(path) as search:
    for line in search:
        line = line.rstrip()  # remove '\n' at end of line
        if 'window.courseData' in line:
            # the line has the form:  window.courseData = "<base64 blob>";
            data = line.split('window.courseData = ', 1)[1].rstrip(';').strip('"')
            encoded = data
            decoded = base64.b64decode(encoded)
            json_array = json.loads(decoded)
            break

if json_array is None:
    raise SystemExit("window.courseData not found in " + path)

lessonsCount = len(json_array['course']['lessons'])

# index of the first lesson of type 'quiz'
answercounter = 0
for i in json_array['course']['lessons']:
    if i['type'] == 'quiz':
        break
    answercounter += 1

itemcounter = len(json_array['course']['lessons'][answercounter]['items'])

# per quiz item: the id of the correct answer and the question title
correctID_count = 0
for item in json_array['course']['lessons'][answercounter]['items']:
    correctID_details = {"id": None, "title": None}
    correctID_details['id'] = item['correct']
    correctID_details['title'] = item['title']
    correctID.append(correctID_details)
    correctID_count = correctID_count + 1

# every answer option (id and text) of every quiz item
j = itemcounter
c = 0
while c < j:
    for item in json_array['course']['lessons'][answercounter]['items'][c]['answers']:
        answer_details = {"id": None, "title": None}
        answer_details['id'] = item['id']
        answer_details['title'] = item['title']
        answer_list.append(answer_details)
    c = c + 1

print("###########################################")
print("###-The-Correct-MindTickle-Answers-Are:-###")
print("###########################################")
print()

# join the correct-answer ids to the answer texts
for entry in correctID:
    correct_id = entry['id']
    for x in answer_list:
        if x['id'] == correct_id:
            print("Question: " + entry['title'] + " ")
            print("Answer : " + x['title'])
            print("-------------------------------------------")
print()
print("#############------ENJOY-----##############")
print("####-Created-By-MSX-@-Rootsecurity.nl-#####")
print("#############--23/03/2020--################")
print("###########################################")

3. Execute the file with Python as shown below:

pic-2

4. Enter the file location of the stored index.html file as shown below and press Enter:

pic-3

5. Enjoy the output of questions and answers together:

pic-5

Categories: Pentest

SMB

Scan for SMB hosts

  • nmap -sS -p 139,445 target-ip/range

Run nbtscan to obtain netbios info

  • nbtscan -v target-ip

* smbmap -H ip -u anonymous
* smbmap -H ip -u anonymous -r --depth 5
* smbmap -d domain -u user -p password -H x.x.x.x
* smbmap -d domain -u user -p password -H x.x.x.x -R sharename (list files in share)

* smbclient -c "recurse;ls" //x.x.x.x/SYSVOL -U domain\\user%password
* smbclient -L //ip
* smbclient \\\\IP\\ADMIN$ -U user
* get filename

* Copy Folders
smbclient '\\server\share'
mask ""
recurse ON
prompt OFF
cd 'path\to\remote\dir'
lcd '~/path/to/download/to/'
mget *

Categories: Pentest

NIKTO (web)

nikto -h ip -p 80
owasp-zap

Categories: nmap, Pentest, Uncategorized

nmap

* nmap --script-updatedb
* nmap -p 1-65535 -T4 -A -v
* nmap -p 1-65535 -sV -sS -T4 IP
* nmap -sC -sV -oA name ip
* nmap -T4 -A -sV -v3 -d -oA output --script all target

/usr/share/nmap/scripts/

less name.nmap

  • nmap -sS tcp sync
  • nmap -sT full tcp
  • nmap -sU udp
  • nmap -oX output xml format
  • xsltproc portscan.xml -o portscan.html

Zombie Scan

  1. find incremental fragmentation IP ID +1
  2. nmap -O -v -n ip
  3. if IP ID Sequence is incremental host is good

Use Zombie to scan other host

  1. nmap -Pn -sI zombieip:openport targetip -p23 -v
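Both the hping3 -r probes earlier on this page and step 3 of the zombie scan come down to one question: does the host hand out IP IDs from a single global counter? The following is an added example, not code from the cheat sheet or from nmap: it classifies a list of IP IDs observed in successive replies (for example read off hping3 -r output, or any capture of your own hosts) into the categories nmap -O prints on its "IP ID Sequence Generation" line. Use it on your own systems: a host reporting "incremental" is one a third party could borrow as a zombie, and the fix is to run a stack that randomises or zeroes the field. All sequences are constructed sample data.

```python
# Added example (not from the original cheat sheet): classify an observed IP ID
# sequence the way nmap -O summarises it. SAMPLES are constructed values.


def _deltas(ids):
    """Differences between consecutive IP IDs, modulo the 16-bit field (handles wrap)."""
    return [(b - a) % 0x10000 for a, b in zip(ids, ids[1:])]


def classify_ipid(ids):
    """Return 'all-zeros', 'constant', 'incremental', 'broken-increment' or 'random'."""
    if len(ids) < 3:
        raise ValueError("need at least three samples")
    if all(i == 0 for i in ids):
        return "all-zeros"  # stack zeroes the ID (typical with DF set)
    d = _deltas(ids)
    if all(x == 0 for x in d):
        return "constant"
    if all(1 <= x <= 10 for x in d):
        return "incremental"  # global counter; small gaps are other traffic interleaving
    # some stacks count in little-endian order: +1 per packet appears as +256 on the wire
    if all(x % 256 == 0 and 1 <= x // 256 <= 10 for x in d):
        return "broken-increment"
    return "random"


def predictable_ipid(ids):
    """True when a remote observer could infer how many packets the host sent in between."""
    return classify_ipid(ids) in ("incremental", "broken-increment")


SAMPLES = {
    "printer":    [0x1A40, 0x1A41, 0x1A42, 0x1A43, 0x1A44],  # one reply, one increment
    "busy_host":  [100, 104, 109, 117, 118],                  # increments with other traffic in between
    "le_counter": [0x0100, 0x0200, 0x0300, 0x0400],           # byte-swapped counter
    "zeroed":     [0, 0, 0, 0],                               # ID field unused
    "randomised": [0xF01A, 0x2C90, 0x9D03, 0x5E77],
    "wrap":       [0xFFFE, 0xFFFF, 0x0000, 0x0001],           # counter wraps at 65535
}

if __name__ == "__main__":
    for name, ids in SAMPLES.items():
        print(f"{name:11s} {classify_ipid(ids):17s} predictable={predictable_ipid(ids)}")
```

Idle hosts such as printers and appliances are the usual "incremental" finding; for those, the mitigation is a firmware update or network placement that keeps them from being reached by untrusted sources, since the IP ID behaviour itself is rarely configurable.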