Latest notes for PenTesting- MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

#!/usr/bin/env python
# gateway-finder - Tool to identify routers on the local LAN and paths to the Internet
# Copyright (C) 2011 pentestmonkey@pentestmonkey.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Founda...




Rainbow crack (http://www.antsight.com/zsl/rainbowcrack/)
> ophcrack (http://ophcrack.sourceforge.net/)
> rainbow tables
rcrack c:\rainbowcrack\*.rt -f pwfile.txt

Ophcrack (http://ophcrack.sourceforge.net/)

Cain & Abel (http://www.oxid.it/)

John the Ripper (http://www.openwall.com/john/)
./unshadow passwd shadow > fi...




Discovery & Probing. Enumeration can serve two distinct purposes in an assessment: OS fingerprinting, and identifying the remote applications being served. OS fingerprinting (TCP/IP stack fingerprinting) is the process of determining the operating system running on a remote host. This is carried out by analysing packets received from the host in question. T...




Tor Node Checker
> Ip Pages (http://www.ippages.com/?ip)
> Kewlio.net (http://www.as3344.net/is-tor/)

nmap NSE script...




X11 Enumeration
> List open windows
> Authentication Method
>> Xauth
>> Xhost

X11 Exploitation
> xwd
xwd -display 192.168.0.1:0 -root -out 192.168.0.1.xpm
> Keystrokes
Received
Transmitted
> Screenshots
> xhost +

Examine Configuration Files
> /etc/Xn.hosts
> /usr/lib/X11/xdm
>...


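The xhost/xauth check above is something you can do without an X client at all: send the X11 connection-setup request with an empty authorization name and data and read the server's one-byte verdict. The following is an added example written for this page, not code from the original notes. It assumes a target display at 192.168.0.1:0 (TCP 6000+N for display :N); the two sample replies are constructed so the decoder can be exercised offline.

```python
"""X11 access check (added example, not from the original notes): send the
X11 connection-setup request with no authorization name/data and decode the
reply.  A server opened with 'xhost +' answers Success; one enforcing
xauth/xhost answers Failed with a reason.  Host/display are assumptions."""
import socket
import struct
import sys

X11_BASE_PORT = 6000  # display :N listens on TCP 6000+N


def _pad4(n):
    return (4 - n % 4) % 4


def build_setup_request(auth_name=b"", auth_data=b""):
    """Connection-setup request: byte order 'l' (little-endian), protocol 11.0,
    then the authorization-protocol name and data (both empty here)."""
    hdr = struct.pack("<BxHHHHxx", ord("l"), 11, 0, len(auth_name), len(auth_data))
    return (hdr + auth_name + b"\0" * _pad4(len(auth_name))
            + auth_data + b"\0" * _pad4(len(auth_data)))


def parse_setup_reply(data):
    """Decode the 8-byte reply header plus its trailing data.
    Byte 0: 0 = Failed, 1 = Success, 2 = Authenticate (more auth needed)."""
    status = data[0]
    if status == 0:
        reason_len = data[1]
        major, minor = struct.unpack_from("<HH", data, 2)
        reason = data[8:8 + reason_len].decode("latin-1", "replace")
        return {"status": "failed", "protocol": f"{major}.{minor}", "reason": reason}
    if status == 2:
        words = struct.unpack_from("<H", data, 6)[0]
        reason = data[8:8 + words * 4].rstrip(b"\0").decode("latin-1", "replace")
        return {"status": "authenticate", "reason": reason}
    if status == 1:
        major, minor = struct.unpack_from("<HH", data, 2)
        release = struct.unpack_from("<I", data, 8)[0]
        vendor_len = struct.unpack_from("<H", data, 24)[0]   # vendor string starts at 40
        return {"status": "open", "protocol": f"{major}.{minor}", "release": release,
                "vendor": data[40:40 + vendor_len].decode("latin-1", "replace"),
                "screens": data[28]}
    return {"status": "unknown", "raw": data[:16].hex()}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection mid-reply")
        buf += chunk
    return buf


def check_x11(host, display=0, timeout=3.0):
    """Connect to host:display and report whether an unauthenticated client gets in."""
    with socket.create_connection((host, X11_BASE_PORT + display), timeout=timeout) as s:
        s.sendall(build_setup_request())
        head = _recv_exact(s, 8)
        words = struct.unpack_from("<H", head, 6)[0]   # additional data, in 4-byte units
        reply = head + _recv_exact(s, words * 4)
    return parse_setup_reply(reply)


# Constructed replies (not captured from any real host) so the decoder can be
# exercised offline; vendor and reason strings are illustrative only.
def _sample_failed(reason=b"No protocol specified"):
    p = _pad4(len(reason))
    return (b"\x00" + bytes([len(reason)]) + struct.pack("<HHH", 11, 0, (len(reason) + p) // 4)
            + reason + b"\0" * p)


def _sample_success(vendor=b"The X.Org Foundation", release=12010000):
    p = _pad4(len(vendor))
    body = struct.pack("<IIIIHHBBBBBBBB4x", release, 0x00200000, 0x001FFFFF, 256,
                       len(vendor), 65535, 1, 7, 0, 0, 32, 32, 8, 255) + vendor + b"\0" * p
    return struct.pack("<BxHHH", 1, 11, 0, len(body) // 4) + body


SAMPLE_OPEN = _sample_success()
SAMPLE_DENIED = _sample_failed()

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.1"  # assumed target
    print(check_x11(target))
```

Run it as `python x11check.py 192.168.0.1`; a result of "open" means the xwd/xspy steps listed above will work against that display without any cookie. A "failed" reply with "No protocol specified" is the usual sign that xauth is in force, so the next step is hunting for a readable .Xauthority rather than connecting directly.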


VNC Enumeration
> Scans
>> 5900+N for direct access (display N); 5800+N for HTTP (Java viewer) access.

VNC Brute Force
> Password Attacks
>> Remote
>>> Password Guess
>>>> vncrack
>>> Password Crack
>>>> vncrack
>>> Packet Capture
Phoss (http://www.phenoelit.de/phoss)
> Local
>>...


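Before pointing vncrack at a server it is worth completing the RFB version exchange and reading which security types the server offers: a type 1 ("None") offer means no password is needed at all, while a server that only offers type 2 is the one worth a guessing run. The block below is an added example written for this page, not code from the original notes or from vncrack. Host and display are assumptions; the sample server messages are constructed so the decoder runs offline.

```python
"""RFB (VNC) security-type enumeration (added example, not from the original
notes): complete the RFB version exchange and decode the security types the
server offers, so an open server (type 1 'None') is told apart from one that
demands VNC Authentication (type 2) before any password guessing starts.
Host/display are assumptions; the sample messages below are constructed."""
import socket
import struct
import sys

SECURITY_TYPES = {0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2",
                  6: "RA2ne", 16: "Tight", 18: "TLS", 19: "VeNCrypt", 30: "Apple ARD"}


def parse_version(banner):
    """b'RFB 003.008\\n' -> (3, 8)."""
    if len(banner) != 12 or banner[:4] != b"RFB " or banner[-1:] != b"\n":
        raise ValueError(f"not an RFB banner: {banner!r}")
    return int(banner[4:7]), int(banner[8:11])


def parse_security_types(version, data):
    """Decode the message that follows the version exchange.
    3.3: one big-endian u32 type chosen by the server (0 = failed, reason follows).
    3.7+: u8 count then that many u8 types (count 0 = failed, reason follows)."""
    if version < (3, 7):
        (t,) = struct.unpack_from(">I", data, 0)
        types, off = ([t] if t else []), 4
    else:
        n = data[0]
        types, off = list(data[1:1 + n]), 1 + n
    reason = ""
    if not types:  # failure: u32 reason length + reason string
        (rlen,) = struct.unpack_from(">I", data, off)
        reason = data[off + 4:off + 4 + rlen].decode("latin-1", "replace")
    return {"types": [SECURITY_TYPES.get(t, f"unknown({t})") for t in types],
            "unauthenticated": 1 in types, "reason": reason}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection mid-handshake")
        buf += chunk
    return buf


def enumerate_vnc(host, display=0, timeout=3.0):
    """Display N listens on TCP 5900+N.  Answer with the lower of the server's
    version and 3.8, then read whatever security offer that version implies."""
    with socket.create_connection((host, 5900 + display), timeout=timeout) as s:
        server = parse_version(_recv_exact(s, 12))
        ours = min(server, (3, 8))
        s.sendall(b"RFB %03d.%03d\n" % ours)
        data = s.recv(1024)
    return {"server_version": "%d.%d" % server, **parse_security_types(ours, data)}


# Constructed server messages (not captured from real hosts) for offline use.
SAMPLE_38_OPEN = b"\x02\x01\x02"                      # offers None and VNC Auth
SAMPLE_38_AUTH = b"\x01\x02"                          # VNC Authentication only
SAMPLE_33_AUTH = b"\x00\x00\x00\x02"                  # 3.3 style: u32 type 2
SAMPLE_38_FAIL = b"\x00" + struct.pack(">I", 26) + b"Too many security failures"

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.1"  # assumed target
    print(enumerate_vnc(target))
```

The "Too many security failures" case matters for the brute-force step: RealVNC-style servers blacklist a source after a handful of failed attempts, so a guessing run that ignores this reply just burns time against a closed door.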


SIP Enumeration
> netcat (http://netcat.sourceforge.net/)
nc IP_Address Port
> sipflanker (http://code.google.com/p/sipflanker/)
python sipflanker.py 192.168.1-254
> Sipscan (http://www.hackingvoip.com/tools/sipscan.msi)
> smap
smap IP_Address/Subnet_Mask
smap -o IP_Address/Subnet_Mask
smap -l IP_Address

SIP Packet ...




Sybase Enumeration
> sybase-version ip_address (NGS tool)

Sybase Vulnerability Assessment
> Use DBVisualiser
>> Sybase Security checksheet
Copy output into an Excel spreadsheet
Evaluate mis-configured parameters
>> Manual SQL input of previously reported vulnerabilities
Advanced SQL Injection in SQL Server
More Advanc...




Rdesktop Enumeration
> Remote Desktop Connection

Rdesktop Bruteforce
> TSGrinder (http://www.hammerofgod.com/download.html)
tsgrinder.exe -w dictionary_file -l leet -d workgroup -u administrator -b -n 2 IP_Address
> Tscrack (http://web.archive.org/web/20030405132642/bogonel.mirror.spacebitch.com/)...




HP Enumeration
> Authentication Method
>> Host OS Authentication
>> Default Authentication
>>> Default Passwords (http://www.vulnerabilityassessment.co.uk/passwordsC.htm)
> Wikto (http://www.sensepost.com/)
> Nstealth (http://www.nstalker.com/eng/products/nstealth/)

HP Bruteforce
> Hydra (http://www...

