0x0F-HackTheBox-Control

Table of Contents Command History Set Up Recon Masscan Nmap Check out the Website Gobuster The Login Page Burp Suite SQL Injection Probe Sqlmap Side Notes: How Sqlmap Works Foothold MySQL Database WinPEAs Sqlmap Dump All Info Powershell Code Execution PHP File Solution Final Thoughts References Command History masscan – found several service ports -…

0x0E-HackTheBox-OpenAdmin

Table of Contents Command History Set Up Recon Masscan Check Out Website Gobuster Manual Explore Foothold Manual Enumeration MySQL Linenum LinPEAs Go Back and Review SSH Brute Force JohnTheRipper Final Thoughts References Command History masscan – found open port 22, 80 – effective nmap – scan for services – effective gobuster – found three hidden…

Tricks

Table of Contents General Linux Metasploit Port Forwarding Sed Less SSH SSH Tunnel Bash NetCat Nmap Wget PHP File Upload Script and Web Server Tcpdump Windows Burp Suite General Put GIF8; on top of payload to make it a GIF image file type. Linux Metasploit Import xml to database. nmap -Pn -sS -A -oX Subnet1…

Databases

Table of Contents MySQL Enumeration Manual SQL Injection Sqlmap Foothold Sqlmap Mysqldump MSSQL Enumeration Mssql_ping Mssql_enum Mssql_enum_logins Mssql_schemadump Brute Forcing Mssql_login Jtr_mssql_fast Foothold Mssqlclient.py Mssql_payload Lateral Movement Mssql_hashdump XP_cmdshell Privilege Escalation Mssql_escalate_dbowner Mssql_escalate_execute_as MySQL Enumeration Manual SQL Injection If some search field is vulnerable to injection, use the techniques below # in burp suite check the…

Active Directory 101 – LDAP

Basically speaking, LDAP is a network protocol that can be used to talk to Active Directory. In Windows Servers, LDAP can be integrated as a feature alongside AD, to add authentication/authorization scalability to the entire system. It’s so big a topic, I won’t write about it. Here are some good references to read about…

0x0D-HackTheBox-Cascade

Table of Contents Command History Set Up Recon Masscan Nmap Rpcclient Smbclient Enum4linux Nmap Read More Ldapsearch Samba on 139,445 Rpc DNS on 53 Kerberos on 88 Evil-winrm Foothold Privilege Escalation Manual Enumeration PowerView.ps1 Go Back to Check the Command List Crack the LDAP Encoded Thing Evil-winrm Some Assessment Final Thoughts References Command History Reference…

Avoiding Detection

Table of Contents Msfvenom Packer Veil References Msfvenom Link to Msfvenom. Use with multiple encoders to evade detection. Packer Install upx to pack the executable. Here is a link to PolyPack Project which talks about packing in more detail. Veil For MeterHTTPSContained payload ./Veil.py use 20 set LHOST <ip> set LPORT <port> generate use the…

Meterpreter

Table of Contents Extracting the Password Hashes Pass the Hash Capturing Key Strokes Token Impersonation Pivoting Through Sub-network Meterpreter Scripts Migrating to a Process Killing Antivirus Software Obtaining System Password Hashes Viewing All Traffic on a Target Machine Scraping a System Using Persistence Leveraging Post Exploitation Modules Upgrading Your Command Shell to Meterpreter Manipulating Windows…

Active Directory 101 – LLMNR

Table of Contents The Concept LLMNR Related Attacks LLMNR/NBT-NS Poisoning Responder How It Works – The Source Code Initialization packet.py Servers Folder The Main Function LLMNR.py Check By Doing Analyze Network Traffic What If I Turn Off the MDNS Poisoner? Conclusion References This is the first article of my Active Directory Series. I’ll be reading…

Inside Metasploit – Write a Simple Exploit Module

Table of Contents The Intention Place to Start The Template Be Creative The Prototype The Real Request Next Steps References The really interesting thing begins right here right now. I am going to dig into metasploit, and try to write a simple metasploit module from scratch. The Intention The intention of doing this is to…