Databases

Table of Contents MySQL Enumeration Manual SQL Injection Sqlmap Foothold Sqlmap Mysqldump MSSQL Enumeration Mssql_ping Mssql_enum Mssql_enum_logins Mssql_schemadump Brute Forcing Mssql_login Jtr_mssql_fast Foothold Mssqlclient.py Mssql_payload Lateral Movement Mssql_hashdump XP_cmdshell Privilege Escalation Mssql_escalate_dbowner Mssql_escalate_execute_as MySQL Enumeration Manual SQL Injection If some search field is vulnerable to injection, use the techniques below # in burp suite check the…

Active Directory 101 – LDAP

Basically speaking, LDAP is a network protocol that can be used to talk to Active Directory. In Windows Servers, LDAP can be integrated as a feature alongside AD, to add authentication/authorization scalability to the entire system. It's such a big topic that I won't write about it here. Here are some good references to read about…

0x0D-HackTheBox-Cascade

Table of Contents Command History Set Up Recon Masscan Nmap Rpcclient Smbclient Enum4linux Nmap Read More Ldapsearch Samba on 139,445 Rpc DNS on 53 Kerberos on 88 Evil-winrm Foothold Privilege Escalation Manual Enumeration PowerView.ps1 Go Back to Check the Command List Crack the LDAP Encoded Thing Evil-winrm Some Assessment Final Thoughts References Command History Reference…

Avoiding Detection

Table of Contents Msfvenom Packer Veil References Msfvenom Link to Msfvenom. Use with multiple encoders to evade detection. Packer Install upx to pack the executable. Here is a link to PolyPack Project which talks about packing in more detail. Veil For MeterHTTPSContained payload ./Veil.py use 20 set LHOST <ip> set LPORT <port> generate use the…

Meterpreter

Table of Contents Extracting the Password Hashes Pass the Hash Capturing Key Strokes Token Impersonation Pivoting Through Sub-network Meterpreter Scripts Migrating to a Process Killing Antivirus Software Obtaining System Password Hashes Viewing All Traffic on a Target Machine Scraping a System Using Persistence Leveraging Post Exploitation Modules Upgrading Your Command Shell to Meterpreter Manipulating Windows…

Active Directory 101 – LLMNR

Table of Contents The Concept LLMNR Related Attacks LLMNR/NBT-NS Poisoning Responder How It Works – The Source Code Initialization packet.py Servers Folder The Main Function LLMNR.py Check By Doing Analyze Network Traffic What If I Turn Off the MDNS Poisoner? Conclusion References This is the first article of my Active Directory Series. I’ll be reading…

Inside Metasploit – Write a Simple Exploit Module

Table of Contents The Intention Place to Start The Template Be Creative The Prototype The Real Request Next Steps References The really interesting thing begins right here, right now. I am going to dig into Metasploit and try to write a simple Metasploit module from scratch. The Intention The intention of doing this is to…

Getting Real With BugBounty – Passive Recon

Table of Contents Disclaimer Passive Recon BuiltWith Shodan.io Censys.io Hunter.io Summary Disclaimer Anything here on my blog, this article and all the other ones, is for educational purposes. Any misuse of the information is at your own risk. Disclaimer: Any article on this blog, including this one, is for learning purposes only. The author accepts no responsibility for any misuse of the information. What Peter Kim (author of THP) suggests is to get your hands dirty. And the…

TheHackerPlayBook I – Section III – The Throw

Table of Contents Web Application Exploitation SQL Injection (SQLi) Cross-site Scripting (XSS) Cross-site Request Forgery (CSRF) Session Token Entropy Fuzzing/Input Validation Business Logic Summary Web Application Exploitation First things first, two good resources for web app pentesting: the OWASP Web Application Testing Guide and The Web Application Hacker's Handbook. SQL Injection (SQLi) TODO Read more about SQL databases, how…

TheHackerPlayBook I – Section II – The Drive

Table of Contents General Idea The Mentality Thing The Difference Within Responsibility Engagement Time Section II – The Drive – Exploiting Scanner Findings About Payloads DEP and ASLR DEP ASLR Takeaways General Idea This is going to be a note-taking article upon reading the book The Hacker Play Book I. I will stop…