@adricnet
Last active November 12, 2016 23:08
Lab notes from VulnHub practice

VulnHub VMs

Tools

From Kali, or Security Onion

  • nmap/zenmap
  • Burp Suite Free
  • msfconsole
  • sqlmap
  • misc utils: xxd, base64, less, file, nc

Walkthroughs

Spoiler-rich, naturlich

Learnt

  • burpsuite
    • defaults to 127.0.0.1:8080 for proxy
    • modules: target, scope, spider; also used repeater and encoder
  • sqlmap
    • needs a vulnerable parameter (-p)
    • once in, can enumerate with --dbs, --tables
    • and generally --dump all_the_things -D -T -C
    • and it recognizes hashes and will offer to crack them
  • nikto kicks out hints, can mutate to guess ~ folders or CGI folders with --plugins

misc

  • Looked up the format of a particular user agent and an HTTP Basic header
  • xxd -r -p will print characters from hex
  • some privesc hints for Linux that sound promising
  • metasploitable2 is definitely vulnerable to some things in msf
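
The two decoding notes above (the HTTP Basic header format and `xxd -r -p`), as an added shell example that is not part of the original notes. The function names and sample values are constructed for illustration, and the header parser assumes the canonical `Authorization: Basic` casing.

```shell
#!/bin/sh
# Constructed sample inputs (not taken from the original notes or any VM).
SAMPLE_HEX='4b 61 6c 69'
SAMPLE_HEADER='Authorization: Basic bGFidXNlcjpwYTpzcw=='

# hex_to_text HEX: decode a plain hex string (whitespace allowed) to raw bytes.
hex_to_text() (
  hex=$(printf '%s' "$1" | tr -d ' \t\n')
  # Refuse empty input, non-hex characters and odd lengths instead of
  # letting the decoder silently emit partial output.
  case "$hex" in ''|*[!0-9A-Fa-f]*) exit 1 ;; esac
  [ $(( ${#hex} % 2 )) -eq 0 ] || exit 1
  if command -v xxd >/dev/null 2>&1; then
    printf '%s' "$hex" | xxd -r -p
  else
    # Portable fallback for hosts without xxd: one byte per hex pair.
    while [ -n "$hex" ]; do
      rest=${hex#??}
      printf '%b' "\\0$(printf '%o' "0x${hex%"$rest"}")"
      hex=$rest
    done
  fi
)

# decode_basic_auth LINE: print "user<TAB>password" from a Basic auth header.
decode_basic_auth() (
  case "$1" in
    'Authorization: Basic '*) token=${1#'Authorization: Basic '} ;;
    *) exit 1 ;;  # Bearer, Digest etc. do not carry base64 user:pass
  esac
  token=$(printf '%s' "$token" | tr -d '\r')  # captured headers end in CRLF
  creds=$(printf '%s' "$token" | base64 -d 2>/dev/null) || exit 1
  # The user-id ends at the FIRST colon; the password may contain more.
  case "$creds" in *:*) ;; *) exit 1 ;; esac
  printf '%s\t%s\n' "${creds%%:*}" "${creds#*:}"
)

hex_to_text "$SAMPLE_HEX"; echo
decode_basic_auth "$SAMPLE_HEADER"
```

Basic auth is only base64 encoding, not encryption, so any header captured in a proxy or packet trace decodes straight back to the cleartext credentials.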