Latest notes for PenTesting - MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

Often in the info world you’ll run into plenty of Base64 encoded strings. A typical giveaway is the trailing = or == in many cases.

Tool
base64

Basic Syntax

base64 -i <file>
base64 -di <file>

Breakdown
-i : Useful for ignoring garbage.
-d : Decode, without this flag it will encode.

Example – Encoding Base64

ech...




Check Who You Are

echo %USERDOMAIN%\%USERNAME%
whoami

Check Windows Version

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Add a User

net user <username> <password> /add

Add a User to the Administrators Group

net localgroup administrators <username> /add
...




A heap of simple linux commands that may prove useful to do basic things.

Requesting a DHCP IP Address

dhclient <interface>

Setting a Static IP Address

ifconfig <interface> <ip address>/<cidr>
route add default gw <gateway IP Address>
echo nameserver <nameserver / Gateway IP Address>...




The script reads in a list of username and password values, then pushes the usernames onto a queue. Each username (handled by an individual thread) is tested with each of the passwords in the list against the application. If the text shown on a failed login appears, it will print the failed message, otherwise it will p...




This really is a trivial code snippet, but as with most scripts it comes in handy because it simplifies even a basic task further. Save this to a simple filename like ‘hex2file’ and place it in your /usr/bin directory. Whenever you need to write out hex characters directly to a file use the following syntax.

hex2file 4142434445 > hexfile....



By: ajayverma 2019-05-30 12:51:33

Often one of the most useful (and to the beginner underrated) abilities of Metasploit is the msfpayload module. Multiple payloads can be created with this module, and it helps you build something that can give you a shell in almost any situation. For each of these payloads you can go into msfconsole and select exploit/multi/handler. Run ‘set payload’ for ...




#!/usr/bin/env python
# gateway-finder - Tool to identify routers on the local LAN and paths to the Internet
# Copyright (C) 2011 pentestmonkey@pentestmonkey.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Founda...




Rainbow crack (http://www.antsight.com/zsl/rainbowcrack/)
> ophcrack (http://ophcrack.sourceforge.net/)
> rainbow tables
rcrack c:\rainbowcrack\*.rt -f pwfile.txt

Ophcrack (http://ophcrack.sourceforge.net/)

Cain & Abel (http://www.oxid.it/)

John the Ripper (http://www.openwall.com/john/)
./unshadow passwd shadow > fi...




Discovery & Probing. Enumeration can serve two distinct purposes in an assessment: (1) OS fingerprinting; (2) remote applications being served. OS fingerprinting or TCP/IP stack fingerprinting is the process of determining the operating system being utilised on a remote host. This is carried out by analyzing packets received from the host in question. T...




Tor Node Checker
> Ip Pages (http://www.ippages.com/?ip)
> Kewlio.net (http://www.as3344.net/is-tor/)

nmap NSE script...

