Latest notes for PenTesting - MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

X11 Enumeration
> List open windows
> Authentication Method
>> Xauth
>> Xhost

X11 Exploitation
> xwd
xwd -display 192.168.0.1:0 -root -out 192.168.0.1.xpm
> Keystrokes
Received
Transmitted
> Screenshots
> xhost +

Examine Configuration Files
> /etc/Xn.hosts
> /usr/lib/X11/xdm
>...


VNC Enumeration
> Scans
>> 5900+ for direct access. 5800 for HTTP access.

VNC Brute Force
> Password Attacks
>> Remote
>>> Password Guess
>>>> vncrack
>>> Password Crack
>>>> vncrack
>>> Packet Capture
>>>> Phoss (http://www.phenoelit.de/phoss)
> Local
>>...


SIP Enumeration
> netcat (http://netcat.sourceforge.net/)
nc IP_Address Port
> sipflanker (http://code.google.com/p/sipflanker/)
python sipflanker.py 192.168.1-254
> Sipscan (http://www.hackingvoip.com/tools/sipscan.msi)
> smap
smap IP_Address/Subnet_Mask
smap -o IP_Address/Subnet_Mask
smap -l IP_Address

SIP Packet ...


Sybase Enumeration
> sybase-version ip_address from NGS

Sybase Vulnerability Assessment
> Use DBVisualiser
>> Sybase Security checksheet
Copy output into an Excel spreadsheet
Evaluate mis-configured parameters
>> Manual SQL input of previously reported vulnerabilities
Advanced SQL Injection in SQL Server
More Advanc...


Rdesktop Enumeration
> Remote Desktop Connection

Rdesktop Bruteforce
> TSGrinder (http://www.hammerofgod.com/download.html)
tsgrinder.exe -w dictionary_file -l leet -d workgroup -u administrator -b -n 2 IP_Address
> Tscrack (http://web.archive.org/web/20030405132642/bogonel.mirror.spacebitch.com/)...


HP Enumeration
> Authentication Method
>> Host OS Authentication
>> Default Authentication
>>> Default Passwords (http://www.vulnerabilityassessment.co.uk/passwordsC.htm)
> Wikto (http://www.sensepost.com/)
> Nstealth (http://www.nstalker.com/eng/products/nstealth/)

HP Bruteforce
> Hydra (http://www...


NFS Enumeration
> showmount -e hostname/ip_address
> mount -t nfs ip_address:/directory_found_exported /local_mount_point

NFS Brute Force
> Interact with NFS share and try to add/delete
> Exploit and Confuse Unix (http://www.vulnerabilityassessment.co.uk/nfs.htm)

Examine Configuration Files
> /etc/exports
> /etc/...


Oracle Enumeration
> oracsec (http://www.woany.co.uk/oracsec/)
> Repscan (http://www.red-database-security.com/)
> Sidguess (http://www.red-database-security.com/)
> Scuba (http://www.imperva.com/products/scuba.html)

> WinSID (http://www.vulnerabilityassessment.co.uk/WinSID.zip)
> Oracle default password list (http:/...


Citrix Enumeration
> Default Domain
> Published Applications
./citrix-pa-scan {IP_address/file | - | random} [timeout] (http://www.cqure.net/tools/citrix_pa.zip)
citrix-pa-proxy.pl IP_to_proxy_to [Local_IP] (http://www.cqure.net/tools/citrix_pa.zip)

Citrix Brute Force
> bforce.js ( http://code.google.com/p/gobag/source/browse/tr...


SQL Enumeration
> piggy ( http://www.cqure.net/wp/?page_id=33 )
> SQLPing ( http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx )
>> sqlping ip_address/hostname
> SQLPing2 ( http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx )
> SQLPing3 ( http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Def...
