Often one of the most useful (and, to the beginner, underrated) abilities of Metasploit is the msfpayload module. Multiple payloads can be created with this module, and it can produce something that gives you a shell in almost any situation. For each of these payloads you can go into msfconsole and select exploit/multi/handler. Run ‘set payload’ for ...
#!/usr/bin/env python
# gateway-finder - Tool to identify routers on the local LAN and paths to the Internet
# Copyright (C) 2011 pentestmonkey@pentestmonkey.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Founda...
Rainbow crack (http://www.antsight.com/zsl/rainbowcrack/)
> ophcrack (http://ophcrack.sourceforge.net/)
> rainbow tables
rcrack c:\rainbowcrack\*.rt -f pwfile.txt
Ophcrack (http://ophcrack.sourceforge.net/)
Cain & Abel (http://www.oxid.it/)
John the Ripper (http://www.openwall.com/john/)
./unshadow passwd shadow > fi...
Discovery & Probing. Enumeration can serve two distinct purposes in an assessment: OS fingerprinting, and identifying the remote applications being served. OS fingerprinting, or TCP/IP stack fingerprinting, is the process of determining the operating system being utilised on a remote host. This is carried out by analyzing packets received from the host in question. T...
Tor Node Checker
> Ip Pages (http://www.ippages.com/?ip)
> Kewlio.net (http://www.as3344.net/is-tor/)
nmap NSE script...
X11 Enumeration
> List open windows
> Authentication Method
>> Xauth
>> Xhost
X11 Exploitation
> xwd
xwd -display 192.168.0.1:0 -root -out 192.168.0.1.xpm
> Keystrokes
Received
Transmitted
> Screenshots
> xhost +
Examine Configuration Files
> /etc/Xn.hosts
> /usr/lib/X11/xdm
>...
VNC Enumeration
> Scans
>> 5900+ for direct access, 5800 for HTTP access.
VNC Brute Force
> Password Attacks
>> Remote
>>> Password Guess
>>>> vncrack
>>> Password Crack
>>>> vncrack
>>> Packet Capture
>>>> Phoss (http://www.phenoelit.de/phoss)
> Local
>>...
SIP Enumeration
> netcat (http://netcat.sourceforge.net/)
nc IP_Address Port
> sipflanker (http://code.google.com/p/sipflanker/)
python sipflanker.py 192.168.1-254
> Sipscan (http://www.hackingvoip.com/tools/sipscan.msi)
> smap
smap IP_Address/Subnet_Mask
smap -o IP_Address/Subnet_Mask
smap -l IP_Address
SIP Packet ...
Sybase Enumeration
> sybase-version ip_address from NGS
Sybase Vulnerability Assessment
> Use DBVisualiser
>> Sybase Security checksheet
Copy output into an Excel spreadsheet
Evaluate mis-configured parameters
>> Manual SQL input of previously reported vulnerabilities
Advanced SQL Injection in SQL Server
More Advanc...
Rdesktop Enumeration
> Remote Desktop Connection
Rdesktop Bruteforce
> TSGrinder (http://www.hammerofgod.com/download.html)
tsgrinder.exe -w dictionary_file -l leet -d workgroup -u administrator -b -n 2 IP_Address
> Tscrack (http://web.archive.org/web/20030405132642/bogonel.mirror.spacebitch.com/)...