Latest notes for PenTesting - MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

Enumeration is the key.
(Linux) privilege escalation is all about:

Collect - Enumeration, more enumeration and some more enumeration.
Process - Sort through the data, analyse it and prioritise.
Search - Know what to search for and where to find the exploit code.
Adapt - Customise the exploit so it fits. Not every exploit works on every system ...

By: ajayverma 2019-05-30 12:50:34

#!/bin/bash
#A script to enumerate local information from a Linux host
version="version 0.96"
#@rebootuser

#help function
usage ()
{
echo -e "\n\e[00;31m#########################################################\e[00m"
echo -e "\e[00;31m#\e[00m" "\e[00;33mLocal Linux Enumeration & Privilege Escalat...


#!/usr/bin/env python

###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##----------------------------------------------------------------------------------...


In pen testing a huge focus is on scripting particular tasks to make our lives easier. As a result I need to call special attention to some fantastic privilege escalation scripts from pentestmonkey and rebootuser, which I’d highly recommend.


LinEnum
http://www.rebootuser.com/?p=1758
This tool is great at running through a heap of things you ...


Windows passwords can be accessed in a number of different ways. The most common way is via the Security Accounts Manager (SAM) file, obtaining the system passwords in their hashed form with a number of different tools. Alternatively, passwords can be read from memory, which has the added benefit of recovering the passwords in ...


Sometimes you obtain passwords that are in a hashed form. Due to the mathematical properties of (secure) hashes there are limited ways of recovering the plaintext. Primarily this will be through brute force, or alternatively by using word lists. oclHashcat is a fantastic hash cracking tool that takes advantage of your GPU to dramatically ramp up your...


Cracking passwords has two aspects that need to be considered when estimating how likely it is to reveal the information you need. They are defined as follows:

Efficiency – The likelihood that your password set has the candidate password within it.
Power – How many attempts / guesses you can make per second, minute / random time fr...


Often you may wish to obtain access to a service or password-protected area on a network. Examples of this may be trying to log into an SSH service, RDP, http-get (i.e. the prompt your router pops up), etc. There are a multitude of tools that will allow you to perform these password attacks; hydra, medusa and ncrack are popular examples. Some tools may c...


Often during pen tests you may obtain a shell without a tty, yet wish to interact further with the system. Here are some commands that will allow you to spawn a tty shell. Obviously some of this will depend on the system environment and installed packages.

Shell Spawning

python -c 'import pty; pty.spawn("/bin/sh")'
...


Windows Remote Desktop is a commonly used protocol throughout many networks. It provides remote access to Windows machines when enabled.

Tool
rdesktop

Basic Syntax

rdesktop -u <username> -p <password> <ip address> -g <percentage / resolution>

Break ...
