From Kali, or Security Onion
- nmap/zenmap
- Burp Suite Free
- msfconsole
- sqlmap
- misc utils: xxd, base64, less, file, nc
Spoiler-rich, naturally
- https://seclyn.wordpress.com/2016/08/09/vulnhub-mr-robot-1/
- https://www.jamesbower.com/skydog-con-2016-ctf/
- http://resources.infosecinstitute.com/solving-vulnos2-lab/
- https://www.offensive-security.com/metasploit-unleashed/
- burpsuite
  - defaults to 127.0.0.1:8080 for proxy
  - modules: target, scope, spider; also used repeater and encoder
- sqlmap
  - needs a vulnerable parameter (-p)
  - once in, can identify --dbs, --tables
  - and generally --dump all_the_things -D -T -C
  - and it recognizes hashes and will offer to crack them
- nikto kicks out hints, can mutate to guess ~ folders or CGI folders with --plugins
misc
- Looked up the format of a particular useragent and an HTTP basic header
- xxd -r -p will print characters from hex
- some privesc hints for Linux that sound promising
- metasploitable2 is definitely vulnerable to some things in msf
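
The HTTP Basic header format and the `xxd -r -p` hex decoding noted above, as an added example that is not part of the original notes. The function names and sample values are constructed for illustration, and a coreutils-style `base64 -d` is assumed; `hex_to_text` reproduces what `xxd -r -p` does using only `printf`.

```shell
#!/bin/sh
# Added example, not from the original notes. All sample values are constructed.

# Decode "Authorization: Basic <base64(user:password)>" into "user<TAB>password".
# Returns non-zero for any other header, scheme, or a malformed token.
decode_basic_auth() {
    dba_line=$(printf '%s' "$1" | tr -d '\r')           # drop CR from a raw capture
    dba_name=$(printf '%s' "${dba_line%%:*}" | tr 'A-Z' 'a-z')
    [ "$dba_name" = "authorization" ] || return 1        # header names are case-insensitive
    dba_value=$(printf '%s' "${dba_line#*:}" | sed 's/^[[:space:]]*//')
    dba_scheme=$(printf '%s' "${dba_value%% *}" | tr 'A-Z' 'a-z')
    dba_token=${dba_value#* }
    [ "$dba_scheme" = "basic" ] && [ "$dba_token" != "$dba_value" ] || return 1
    case $dba_token in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;                # not a base64 token
    esac
    dba_plain=$(printf '%s' "$dba_token" | base64 -d 2>/dev/null) || return 1
    case $dba_plain in
        *:*) ;;
        *) return 1 ;;                                   # no user:password separator
    esac
    # Only the first ':' separates the fields; a password may itself contain ':'.
    printf '%s\t%s\n' "${dba_plain%%:*}" "${dba_plain#*:}"
}

# Plain hex string -> bytes, the same job as `xxd -r -p`.
# Rejects non-hex characters and odd-length input instead of guessing.
hex_to_text() {
    h2t_hex=$(printf '%s' "$1" | tr -d ' \n')
    case $h2t_hex in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ $(( ${#h2t_hex} % 2 )) -eq 0 ] || return 1
    for h2t_pair in $(printf '%s' "$h2t_hex" | sed 's/../& /g'); do
        # Convert each byte to a 3-digit octal escape that printf understands.
        printf "\\$(printf '%03o' "0x$h2t_pair")"
    done
}

# Constructed samples.
decode_basic_auth 'Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
hex_to_text '726f626f7473'; echo
```

Basic credentials are only base64-encoded, so any proxy log or packet capture that holds the header holds the password too.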